We conducted these experiments with firewall rules to prototype different approaches. You can read these approaches in detail in the whitepaper.
A next step to follow up on this framework would be to use semi-supervised learning. Using some of the data points that our models can confidently flag as anomalous would also help in generating annotated data for such detailed analysis. Since we only used firewall rules in this initial study, as a next step, we plan to use other features such as hierarchical location of the firewall rules and network-related metadata.
If you’re interested in contributing to the Forseti intelligent agents initiative, you can play around with any sample inventory data (or even your own), helping us generate broader anomaly detection mechanisms. By enlisting the community’s help with intelligent agents, we hope to continue to expand the Forseti toolset to help ensure the security of your cloud environment.
For more details about this initiative, check out the solution here.
Joe Cheuk, Cloud Application Engineer; Praneet Dutta, Cloud Machine Learning Engineer; and Nitin Aggarwal, Technical Program Manager, Cloud Machine Learning contributed to this report.