Photo by Gustavo Xavier on Unsplash

Intelligent observability with AI and Coroot

Silent Observer

Article from ADMIN 87/2025
By
In the deep waters of scalable environments, observability is more important than ever. Coroot enters the scene with eBPF to intercept traffic and collect data that is of interest for monitoring and attack detection.

Intrusion detection and intrusion prevention are part of everyday life for admins. Solutions for these issues are basically very straightforward beasts that analyze data streams and use sophisticated heuristic methods to identify patterns that point to an imminent or ongoing attack. If any suspicious activity is noticed, an alarm helps you launch countermeasures at an early stage.

The developers at Coroot [1] go beyond the usual intrusion detection systems (IDS) on the market today and offer a kind of artificial intelligence (AI) IDS as a service, revealing several interesting technical details that are worth a closer look.

Dumb Systems

The countermeasures of solutions typically found on the market today can be anything from simple packet filters to sophisticated firewall constructs. Firewalls, for example, leverage connection states as a parameter to decide whether or not to deliver packets. Today's IDS or intrusion prevention systems (IPS) no longer simply police intrusions, they often offer options that automatically identify and warn you about distributed denial of service (DDoS) attacks so that you can immediately block the attack at the network level.
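The connection-state logic the paragraph describes, as an added illustration that is not code from the article or from Coroot: a toy stateful filter that keeps a connection table and accepts inbound packets only when they belong to a flow opened from inside. The addresses, the 10.0.0.0/24 "inside" network and the sample packets are constructed for the example.

```python
"""Toy stateful packet filter: connection state decides whether a packet is delivered.

Constructed for illustration; it models the NEW / ESTABLISHED / INVALID idea of a
stateful firewall, not any particular product.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for the first packet of a TCP connection


INSIDE_PREFIX = "10.0.0."  # assumption: the protected network is 10.0.0.0/24


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


class StatefulFilter:
    def __init__(self) -> None:
        # Connection table keyed by the 4-tuple of the initiating direction.
        self.established: set[tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Packets in either direction of a known flow are ESTABLISHED traffic.
        if fwd in self.established or rev in self.established:
            return "ACCEPT (ESTABLISHED)"
        # A NEW connection is only admitted when it originates inside and goes out.
        if pkt.syn and is_inside(pkt.src) and not is_inside(pkt.dst):
            self.established.add(fwd)
            return "ACCEPT (NEW, outbound)"
        # Anything else has no state behind it: unsolicited inbound NEW, or a stray
        # packet that claims to be a reply to a connection we never saw.
        return "DROP (INVALID or unsolicited NEW)"


def run(packets: list[Packet]) -> list[str]:
    """Feed packets through one filter instance and return the verdict per packet."""
    f = StatefulFilter()
    return [f.decide(p) for p in packets]


# Constructed sample traffic.
SAMPLE = [
    Packet("10.0.0.5", 40000, "203.0.113.9", 443, syn=True),  # client opens HTTPS
    Packet("203.0.113.9", 443, "10.0.0.5", 40000),            # server's reply
    Packet("198.51.100.7", 50000, "10.0.0.5", 22, syn=True),  # unsolicited SSH from outside
    Packet("198.51.100.7", 50001, "10.0.0.5", 40000),         # fake "reply" with no state
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {verdict}")
```

The last two packets show why state matters: the SSH attempt is dropped because nobody inside asked for it, and the fourth packet is dropped even though it targets a port that is in use, because its 4-tuple does not match any flow the filter recorded.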

Although these solutions are anything but easy to use, because they require a high level of skill and familiarity, the systems are in fact "dumb" in and of themselves. At the end of the day, they just use predefined patterns to determine whether or not an attack is taking place. The principle is similar to that of antivirus software, which only detects malware if it finds a matching signature in its database; it needs a description of the files and checksums associated with the virus. If this signature is missing for some reason, the program is blind to the threat; thus, a lucrative malware market thrives on the darknet, where previously unknown exploits are sold
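The signature principle from this paragraph and the pattern-matching IDS idea from the introduction, as an added example that is not code from the article or from Coroot: a toy scanner with two kinds of signatures, whole-file checksums and fixed byte patterns. The "malware" sample, the signature names and the hashes are all constructed for the illustration. Its point is the blind spot the paragraph describes: a file the database has no entry for gets a clean verdict, which is the gap that behaviour- and anomaly-based monitoring has to cover.

```python
"""Toy signature scanner: checksum and byte-pattern matching, and its blind spot.

Everything here is constructed for illustration; the sample is a harmless byte string,
not real malware, and the signature database is built from it at import time.
"""
import hashlib
from typing import Optional

# Constructed "known malware" sample with a recognisable marker string inside it.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"constructed-marker-v1" + b"\x00" * 16

# Signature database: (a) SHA-256 of entire files, (b) fixed byte patterns.
SIGNATURES_SHA256 = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Test.Constructed.A"}
SIGNATURES_PATTERNS = {b"constructed-marker-v1": "Test.Constructed.A"}


def scan(data: bytes) -> Optional[str]:
    """Return the name of the matching signature, or None when nothing in the DB matches."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURES_SHA256:          # exact file already known
        return SIGNATURES_SHA256[digest]
    for pattern, name in SIGNATURES_PATTERNS.items():
        if pattern in data:                  # known fragment inside an unknown file
            return name
    return None                              # no signature: the scanner is blind


def scan_many(files: dict[str, bytes]) -> dict[str, Optional[str]]:
    """Scan a set of named files and return a verdict per name."""
    return {name: scan(data) for name, data in files.items()}


# Constructed corpus: the known sample, a padded copy (hash changes, pattern survives)
# and a variant whose marker the database has never seen.
CORPUS = {
    "known.bin": KNOWN_SAMPLE,
    "padded.bin": KNOWN_SAMPLE + b"\x00" * 4,
    "unknown.bin": KNOWN_SAMPLE.replace(b"constructed-marker-v1", b"never-seen-before-v9"),
}

if __name__ == "__main__":
    for name, verdict in scan_many(CORPUS).items():
        print(f"{name:12s} {verdict or 'clean'}")
```

The third file is the article's point in miniature: nothing about it is less malicious than the first, but the verdict is "clean" because the database has no matching entry. Only a detector that looks at what the file or process does, rather than what it looks like, can close that gap.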

...