What Do We Mean When We Say: Digital Immune System

What is a digital immune system?

Your body's own immune system provides a comprehensive defense against attacks, combining many different physical responses and countermeasures to beat back viruses while also offering the resilience needed to keep you on your feet. Now imagine that same framework applied to a computer network or data center.

That, in a nutshell, is how a digital immune system, or DIS, would ideally be expected to function. Embracing the concept of a DIS is central to protecting systems and important data against threats. This is especially true for business and other organizations that are driven mostly or entirely by technology and are therefore most susceptible to cyber-attacks.

A Network that Protects Itself

While it’s simple to write down a basic description of what a digital immune system might look like and how it would function, the concept is definitely not easy to implement. A reliable digital immune system (DIS) needs to function at every level and requires cooperation between developer, analysts, and cybersecurity specialists.

There is no single blueprint for everyone to follow to implement the same solution across every business or organization. Rather, DIS is a holistic approach to security that weaves best practices into every aspect of your business model.

A properly implemented DIS builds resilience into critical applications and services to minimize downtime and recovery in the event of a disaster. We may not yet be fully capable of mimicking the "search and destroy" (or disarm) function of a human body's white blood cells, but that's what DIS designers are aiming for.

At the heart of a DIS is a software programming methodology. To fully enact one of these systems, a company will have to set up all of their software to incorporate unit testing. Unit tests are typically automated tests written and run by software developers to ensure that a section of an application (known as the "unit") meets its design and behaves as intended.

In procedural programming, a unit could be an entire module or a service-set within a process, but it is more commonly an individual function or procedure. In object-oriented programming, a unit is often an entire interface, such as a class, or an individual method. By writing tests first for the smallest testable units, then the compound behaviors between those, one can build up comprehensive tests for complex applications.

Pieces of the Puzzle

What is a digital immune system?

As to how and why DIS will affect the industry, I believe from a resource and knowledge perspective, every company will have to add resources (people and capital) to successfully implement this methodology. Business and organizations will have to develop a mindset of security and service for the end user, and for the entire company.

Some of the key functions to implement are as follows:

Observability — Every application or system that you build and grow within your organization provides an opportunity to see how end users interact with your product and/or service. If you can’t measure it, you can’t improve it. Capturing real time information about both proper function and breakdowns is essential.

AI-Augmented Testing — It's hard to have someone in the company testing and monitoring software continuously. Automating as many processes as possible, from scheduling of tests to data analysis, helps to provide a steady flow of information that keeps everything rolling.

Chaos Engineering — This is sort of like automated penetration testing, where the system is continually probed for vulnerabilities. (I personally also include load testing in this category.) The basic idea here is analogous to the famous legend about Mithridates VI of Pontus continually imbibing small doses of various poisons to gradually accustom his body to fighting off their effects.

Autoremediation — Can your system detect a problem and fix it? AI pioneer Marvin Minsky once designed a box with a switch. When the switch is turned on, the box opens to release an appendage that moves the switch back to the "off" position. Autoremediation is appreciably more complex than what Minsky called his "ultimate machine," but the underlying concept is similar.

Site Reliability Engineering (SRE) — SRE amounts to following best practices at all stages of design and implementation to improve the overall customer experience, or CX. The point is to assure reliability and stability. There's a balance to be struck, as robust SRE can be both staffing- and labor-intensive.

Software Supply Chain Security — How your company vets, onboards, and assess vendors is an important factor in the overall security of your systems and applications. The mission here is essentially to enforce quality assurance when you integrate tools and processes that originated outside your organization.

People and Processes

What is a digital immune system?

A central element of any DIS is to make everyone part of the process. Instead of having a separately functioning security division or team, security assurance is incorporated into every department.

Security has to be considered in every implementation and every design. In modern organizations security becomes a key consideration at all stages of product design, development, and deployment. Security has to be ingrained in your organization's culture in such a way that everyone is responsible to contribute to the overall outcome.

DIS also offers a clear example of human and AI working together, in concert, to achieve an outcome that would be much more cost-intensive if left entirely in human hands. With the help of AI and automation, your system or network will monitor itself and correct issues automatically as it detects them. Problems can be address and operations "rebooted" back to a normal working state without direct intervention.

What I expect will come of this concept in the future is that it won't even be something that organizations consciously think about and strive toward — sort of like how the human immune systems function "beneath the surface" and without direct monitoring.  As DIS ideas are integrated into development lifecycles and everyday processes, companies will become less likely to talk about the need for, or existence of, their DIS.

Would you like more insight into the history of hacking? Check out Calvin's other articles about historical hackery:
About the Author
Nathan Kimpel is a seasoned information technology and operations executive.

Nathan Kimpel is a seasoned information technology and operations executive with a diverse background in all areas of company functionality, and a keen focus on all aspects of IT operations and security. Over his 20 years in the industry, he has held every job in IT and currently serves as a Project Manager in the St. Louis (Missouri) area, overseeing 50-plus projects. He has years of success driving multi-million dollar improvements in technology, products and teams. His wide range of skills include finance, ERP and CRM systems. Certifications include PMP, CISSP, CEH, ITIL and Microsoft.