(IJCST-V11I6P8): Subhadip Kumar
ABSTRACT
Artificial Intelligence for IT Operations (AIOps) is a rapidly growing field that applies artificial intelligence and machine
learning to automate and optimize IT operations. AIOps vendors provide services that ingest end-to-end logs, traces, and
metrics to offer full-stack observability of IT systems. However, these data sources may contain sensitive information such as
internal IP addresses, hostnames, HTTP headers, SQL statements, method/argument return values, URLs, personally identifiable
information (PII), or confidential business data. Therefore, data security is a crucial concern when working with AIOps vendors.
This article discusses the security features offered by different vendors and how best practices can be adopted to ensure
data protection and privacy.
Keywords: AIOps, Cyber Security, AI Security.
I. INTRODUCTION

AIOps, or Artificial Intelligence for IT Operations, is a new approach that leverages machine learning and automation to
enhance the observability and reliability of complex software systems. Observability is the ability to monitor and understand
the internal state of a system or application based on its external outputs, such as logs, metrics, and traces. Several
vendors offer full-stack observability, security vulnerability monitoring, automation, actionable alerts, and insights.
These vendors ingest customers' logs, traces, and metrics to produce actionable insights and recommendations that help
SREs and developers achieve full-stack observability and improve the quality and efficiency of their software delivery.

Security is a big concern when these vendors ingest customer data such as logs, metrics, and traces, because that data
contains sensitive information such as IP addresses, client details and their personal information, and even confidential
business data. Also, when this data is in transit or at rest, vendors ensure that the data is protected from being exposed.
Security is always a joint responsibility that requires the participation and contribution of all stakeholders to create a
safe and secure environment for everyone. In this article, we will discuss different AIOps vendors and their security features.

However, AIOps also poses some security challenges, such as data privacy, access control, and compliance. Therefore, it is
important to choose an AIOps vendor that can provide robust and reliable security solutions. Different AIOps vendors have
different standards and approaches to meet security standards. In this article, we will discuss those security measures in
detail, along with how a customer can leverage them and develop a best practice.

We will also discuss how the vendors ingest customer data, encryption in transit and at rest from the customer's system to
the vendor, in-product communications, and masking of sensitive information and PII. We will also discuss how to protect the
data using RBAC (role-based access control) and masking to ensure minimum exposure in case of a data breach.

II. TYPE OF DATA COLLECTED

AIOps can help IT teams monitor, analyze, and troubleshoot complex systems, as well as improve service quality and customer
satisfaction. However, AIOps also involves collecting and processing logs, metrics, and traces, which contain a large amount
of sensitive data, such as client IP addresses, HTTP headers, HTTP POST parameters, URL query parameters, SQL bind variables,
SQL statements, personally identifiable information (PII), and more. This data can reveal a lot of information about the
users, their behavior, their preferences, and their identity. If this data is not protected properly, it can lead to a
serious data breach, which can have legal, financial, and reputational consequences for both the IT service provider and the
users. Therefore, it is essential to implement appropriate security measures to protect the data at every stage of its
lifecycle: capture, transit, storage, and display.

III. DATA COLLECTION AGENT BY VENDOR AND AGENT SECURITY

A. DATA COLLECTION AGENT BY VENDOR

Most of the vendors deploy a single agent to collect data from remote sources and forward it to the vendor's instance.
Some examples include:
- Splunk has three types of forwarders (agents): universal forwarder, heavy forwarder, and light forwarder [1]. Of these,
the universal forwarder is the most popular. The universal forwarder handles all kinds of data, including Microsoft Windows
event logs, web server logs, change logs, archive files, etc.