Security has become a data problem, explained an executive tasked with defending multicloud environments for large companies.

“The attack surface grows [using multiple clouds],” said David Hatfield (pictured), co-chief executive officer at Lacework Inc. “It’s different when you’re securing a data center or device where you have a very fixed asset and you kind of put things around it.”

What he is referring to is a broadening attack surface caused by the quintillions of datasets proliferating now rapidly across multiple, shared, cloud environments. “You can’t write rules and do security the way you used to do it,” he added.

Hatfield spoke with theCUBE industry analyst Dave Vellante at AWS re:Inforce, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed artificial intelligence and machine learning solutions for security compared with rules-based ones. (* Disclosure below.)

Data ingestion

The key to addressing the issue is to create machine learning and artificial intelligence models that ingest large quantities of theoretically insight-creating data, according to Hatfield.

“Anything we can get our hands on,” he said. “We look at all of the network data, configuration data, rules-based data and policies that customers might have.”

That fine-grain-resulting AI teaching is combined with an alert diet — stripping out the redundant alerts. Making sense of the threats via AI allows the company to prune the alerting.

“The amount of alerts that really are only the ones that need to go focus on,” Hatfield said. “Your alert volume [goes] from thousands per day to one or two high fidelity critical alerts per day.”

Polygraph detection is an element too. That’s where changes in characteristics are identified. Another key part incorporated is to create baselines and identify what normal is. That helps with unknown threats. “The really scary stuff when you’re in the cloud,” he added.

This kind of behavior-based security isn’t like traditional rules-based security. There’s an intrinsic disadvantage to that; in particular, if one is buying different companies and trying to stitch the rules-based engines together for compliance. “They don’t talk to each other,” he said.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the AWS re:Inforce event:

(* Disclosure: Lacework sponsored this segment of theCUBE. Neither Lacework nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE