AI, Operations, and the demise of the System Console
For a decade we crisscrossed the highways of America in our motor coach. While not a regular sight at NonStop RUG events, we were able to visit many of the venues, including the annual HPE Discover event in Las Vegas. It was at a truck stop, pumping diesel into the coach, that we noticed a bumper sticker on the coach next to us. It was a variation on what is displayed above, except it did read RV is unlocked, keys under the German Shepherd. From the time when dogs were domesticated, there was an association between security and having a protective dog nearby.
I am not sure what the presence of a dog affords the owner, but I am not willing to find out. For movie buffs, there is a scene from the James Bond movie A View to a Kill, where a pair of well-trained Doberman Pinschers is turned loose on the heroine. With a single command, the dogs took off after her. For those more into television who watched Guy Pearce in Jack Irish, a similar scene was enacted where a pair of guard dogs did a similar pursuit of our hero, only this time he escaped. It’s probably poor PR on the part of various dog breeds that they are categorized in this manner, but the image of protection is hard to miss.
At the NonStop TBC 2023 Conference, whether the topic was security, virus detection, hacker and ransomware defense, the issue of how best to protect the applications on NonStop was the center of many conversations. Present on the NTI stand in the Partner Pavilion, I had numerous discussions on the topic of analytics. Central to these discussions was the prospect of using DRNet®/Unified to integrate data created on NonStop with analytics engines running elsewhere. The prospect of establishing a symbiotic relationship between systems performing transactions and those processing analytics has always been a tempting scenario even if such a pair has yet to be truly realized.
Possible today? Certainly! But for many, it is yet again another sound solution looking for real problems to solve. While DRNet®/Unified has established itself as a viable candidate for taking fresh data created on NonStop and delivering it to analytics and visualization solutions, e.g., Splunk, it raises the question. Could such configurations that embolden analytics be turned around to help operations fend off one category of security offenders, the venerable system operator?
Attendees at the presentation given by ETI-NET Director, Business Development Management Tools and Storage, Mike Mitsch, will have seen him reference the chart above. What made me curious was that almost all sources of possible unauthorized system breaches / intrusions were in decline. This has to do with the tremendous strides taken of late to train staff, and better protect our systems and solutions. Almost all sources talk of the category defined as system intrusion. Put another way, industry is turning the spotlight on the bad actors that are in the network and working carefully to impact system operation to their financial gain.
Bad actors range from highly sophisticated organizations that target financial institutions through backdoor/C2 (command and control) to unfortunately ill-willed operators. These bad actors can do far more damage to an enterprise and do so far more rapidly than even the best laid plans of the most sophisticated ransomware initiators. What Mitsch observed caught my attention almost immediately when I read of how backups and system restoration have become the top target for those prepared to enter a few clicks. Suddenly, and perhaps with no notice at all, your enterprise could find itself with nowhere to turn when the next couple of clicks delete critical files from the system.
NonStop systems have always been the target of multiple solutions, all aimed at ensuring that fresh data created on NonStop is protected. “Security has for years been a multi-layer thing – Perimeters, Antivirus, Firewalls everywhere, MFA, etc. complement each other,” said Bill Honaker in a recent email exchange. In this exchange he referenced the presentation at NonStop TBC 2023 by Randall Becker. As a follow up to his presentation, Randall has contributed an article to this issue of NonStop Insider where he directs further attention at the role of operators:
“Mostly, it is important to take away keyboards from your production staff. This will ensure that even if someone manages to obtain their credentials, no damaging action could be taken.
“There is a small cultural change management issue involved as the production staff are probably going to push back on having their keyboard access taken away, but they still should be able to get onto the system with escalated credentials (SUPER.BOB, for example) in an emergency.
“But that requires the use of the automated command review system to enable those users.”
Make sure you look for Randall’s article, Ransomware: Is it time to take keyboards away from production? as it really is a good read.
When it comes to the automated command review system, could this be a prospect for analytics? Could AI be directed at ensuring we no longer need to depend on operators? Might the rise of AI lead to the extinction of that venerable system operator? Perhaps one day, maybe! On the other hand, there was no escaping the many NonStop vendors providing insight into their plans for recovering from ransomware and viruses in general, but there were less than convincing insights given into how best to detect and deter a belligerent and disgruntled operator.
When I first encountered system and network management systems there was always the thought that the best defense was probably placing a fierce dog between the keyboard and the operator. For many this old-school approach still holds water. But what if the dog needs a bio break? It’s a good idea to go down this path but few enterprises would ever give this approach any serious thought.
On the other hand, as Bill and Randall observed, throwing technology at technology, and finding ways to layer AI into the defense as might be the case when looking for malware patterns like ransomware scanners, may indeed prove to be the right approach. There have been a number of products provided by NonStop vendors that automated much of operations and in this regard, I recall the early inroads into the NonStop base that ESQ made with the original PNA product. But in the intervening years, even as we want to champion simplification, the world of enterprise IT has become far more complex with no system acting as an island and no system completely disconnected from the world around it.
If you perceive the value on offer with AI is a ways off, then there is still the implementation of separation of functions – ensure your monitoring solution supports at a minimum a pair of distanced consoles where two operators are required to enter commands, securely, with no opportunity for collusion. This is what we have learnt is the key to missile launches. However, this is a conversation for a future column so keep watching for further updates on this subject.
What we can conclude then is that the single biggest weakness in our defense, against the hostile world we do live in, is likely to be the console. That AI plays a role in the protection of this potential entry point is highly likely. Furthermore, it represents an ideal landing place for all those embracing AI looking for a problem to solve. In my opinion the time is right to pursue such a strategy. On the other hand, maybe for NonStop we consider the ease with which we can train a dog to fend off all approaches to the console. Perhaps not a single dog, but two, and give them the honor of being called Primary and Backup!