Today, virtually every device connects to the enterprise network. From simple-function IoT devices to multimillion-dollar operational systems, modern devices utilize data connectivity to perform highly specialized tasks much more intelligently. The sheer heterogeneity of these devices is growing exponentially.
Effectively regulating these devices, in terms of what they can and cannot do inside the enterprise, requires a significant amount of knowledge of each, since you simply cannot control what you don’t know. In an effort to build the necessary repositories of device intelligence, vendors create – with varying levels of detail – device profile libraries. These libraries should be viewed as a starting point, a base on which to deliver a comprehensive suite of control capabilities that effectively protect devices and relevant business-critical information. Developing a large profile library is nice – organizing that library in a way that keeps it relevant and up to date is crucial.
There are enormous challenges in keeping the library relevant and up to date. A set of printers that are classified as a set of profiles in one enterprise installation will look slightly different in another customer installation – perhaps because of configuration, operational behavior, or network connectivity – and will result in an entirely new set of device profiles. Any firmware or software update will necessitate a new profile in order to keep the library up to date. At the same time, just like a traditional library, there are vast amounts of material that are irrelevant since nobody can effectively use them. Profiles with irrelevant information will do more harm than good. Searching through all the myriad uncorrelated and out-of-date information in a library to get what you need is simply an untenable task.
Profile Library vs Profile Generator
The only clear way to keep the device profiles relevant and up to date is to develop a profile generator. Being able to report millions of device profiles in a library is fundamentally unimportant. What is important is the efficiency with which the profiles can be used in an underlying multi-vendor networking and security infrastructure, and can automate that infrastructure to control these devices in terms of access control and policy enforcement. What’s needed is a real-time Profile Generator for those devices actually deployed in an enterprise, one which produces the relevant parameters for automated control.
Establishing a real-time Profile Generator necessitates sophisticated Machine Learning (ML) techniques. Each unique set of device attributes should be collected and fed into a machine learning engine, which learns and organizes it. When new devices are added to the network or when their software is updated, the learning engine determines whether it should add a new device profile or update an existing one. Moreover, it has the intelligence to determine that multiple devices, while they may have slight differences in individual attributes, are essentially the same type and class of device. It filters out irrelevant details and focuses on important attributes.
Instead of creating a new profile for each of these devices and each variant of it, the machine learning engine enhances the main device profile to better predict the behavior of the device regardless of its enterprise-specific attributes. When fed a set of attributes of a device, the engine models the non-linear relationships in the data for more generalized learning. This way it arrives at an “inference engine” that can predict the classification of devices that it has never seen before.
Along with machine learning, enterprises can also use carefully crafted ensembles of Random Forest and SVM algorithms to influence prediction performance. Such techniques have a significant positive impact on the classification accuracy of the inference engine.
For instance, in this scenario, a printer profile hierarchy would be organized as a logical tree beginning, for example, with manufacturer, then make, model, firmware, and other attributes that may vary from enterprise to enterprise. The engine intentionally organizes this structure in a way that enables increasing granularity of detail with each tier, while other approaches would create a different profile for each variation in any level of attribute. Not only is it an efficient way to store the profiles; the hierarchical method also delivers an ever-increasing level of intelligence and accuracy, while maintaining the relationship among the devices in an efficient manner. As the number of devices identified to be within a group increases, the predictive engine becomes increasingly efficient in future classifications, all without the need for any manual intervention or personnel resources. The Profile Generator becomes a “Learning Tree” that continues to produce new branches and grow new leaves, while shedding dead branches and dropping dry leaves.
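The tiered storage described above can be sketched as follows. This is an added example, not code from the article or from any vendor product, and it uses plain exact matching per tier rather than the machine learning engine the article describes. The names `ProfileTree`, `observe`, `classify` and `prune`, and the sample printer values, are assumptions made for illustration.

```python
from dataclasses import dataclass, field
# Tier order taken from the printer example in the text; everything else is assumed.
TIERS = ("manufacturer", "make", "model", "firmware")
# Constructed sample device; hostname is a site-specific attribute the tree ignores.
SAMPLE_PRINTER = {"manufacturer": "ExampleCorp", "make": "LaserLine",
                  "model": "LL-400", "firmware": "2.1", "hostname": "prn-hq-01"}

@dataclass
class Node:
    count: int = 0       # devices observed at or below this node
    last_seen: int = 0   # day number of the latest observation
    children: dict = field(default_factory=dict)

class ProfileTree:
    def __init__(self):
        self.root = Node()

    def observe(self, attrs, day):
        """Merge one device; return True only if a new branch had to be created."""
        node, created = self.root, False
        for tier in TIERS:
            key = attrs.get(tier)
            if key is None:
                break
            created |= key not in node.children
            node = node.children.setdefault(key, Node())
            node.count += 1
            node.last_seen = day
        return created

    def classify(self, attrs):
        """Deepest known path for a device, even if its exact variant is new."""
        node, path = self.root, []
        for tier in TIERS:
            child = node.children.get(attrs.get(tier))
            if child is None:
                break
            path.append(attrs[tier])
            node = child
        return tuple(path)

    def prune(self, today, max_age):
        """Remove branches not seen for more than max_age days; return how many."""
        def walk(node):
            stale = [k for k, c in node.children.items() if today - c.last_seen > max_age]
            for k in stale:
                del node.children[k]
            return len(stale) + sum(walk(c) for c in node.children.values())
        return walk(self.root)
```

A device with the same manufacturer, make, model and firmware but a different hostname merges into the existing leaf, while a new firmware version adds one leaf under the existing model node instead of a whole new profile.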
The ultimate goal is to effectively offer automated protection to the myriad connected devices that access the enterprise network. To do this, it’s necessary to generate and enforce granular policies that utilize the existing network and security infrastructure. It is absolutely essential to scale profiling efficiency to many hundreds of thousands of devices in a single enterprise, and to finish this process within hours. Without a proper understanding of the relevant details of the relationships among these profiles, organized in a hierarchical way, this policy generation would be untenable, if not impossible.
It may sound impressive and exciting to hear about many millions of device profiles. Big numbers get attention. But growing a tree is more than collecting thousands of leaves.