
Network engineers nowadays can track everything — from the traffic paths and patterns in the network to the performance variabilities of the swarm of devices and endpoints hooked to it, the protocols they tap to exchange information, to the KPIs that point to disturbances and deviations.

But does access to all that data mean better network health?

Tracking dynamic aspects of the network is not new, but operators now more than ever have the tools and technology to keep their finger on the pulse. When all hell breaks loose, they gather inside the war room and dive right into the crisis with all the facts at their fingertips. But the drills are not leading to the better results one would expect.

Operators are now battling an overwhelming amount of data, and instead of making them faster and more efficient at their jobs, it is slowing them down, leading to desensitization and, eventually, burnout.

“The average network engineer is looking at 38 dashboards; the average infrastructure engineer’s looking at 15 dashboards; and applications are up almost 50 dashboards. And if you think of a full stack developer, now you’re looking at close to 75 dashboards... I call these glasses of pain,” remarked John Capobianco, product marketing evangelist at Selector, at the Networking Field Day event last month.

Not all of the data generated by monitoring tools is helpful or even necessary for a faster resolution. 40% of respondents in an Intrusion State of Threat Hunting survey said they waste too much time on redundant information coming in from monitoring tools.

Another report, published by Orca Security in 2022, found a correlation between excessive alerts and internal strife within the organization, with a majority (62%) linking alert-induced fatigue and burnout to turnover.

Data from Forrester Research confirms this: on average, security teams spend 28 hours weekly just sifting through alerts, separating good notifications from false and inessential ones.

Tens of alerts get fired from a single error or defect when multiple monitoring tools pick up the same issue and the same data is delivered across an array of dashboards that personas at various levels of the organization are viewing. It is a firehose of duplicate information.

Operators need “one ticket, not 60 tickets,” said Capobianco.

Selector’s RCA (root cause analysis) AI agents are designed to deliver condensed, targeted alerts, aka “smart alerts”, that cut back the overall volume of tickets.

The idea of a smart alert is to pack all items of information into one notification. This notification holds all necessary data points related to an event, namely the symptoms, related records, operators’ notes, system of records and so on, said Capobianco while presenting the solution.

This way, Selector smart alerts can not only eliminate scores of meaningless and duplicate alerts, but also holistically present the information that is essential for a speedy resolution.

Selector’s agentic alerts include automatic event summaries, actionable items, context — and real insights that are often missing in regular alerts.

When a ticket is filed fully agentically, “you wouldn’t know if you read that ticket that a human didn’t open [it] and fill in the details,” he said.

Operators can dig deeper by clicking on a link within the alert which takes them to a view that shows all of the devices and applications impacted by the event.

The Selector Copilot, a conversational artificial intelligence (AI) chatbot embedded in the Selector AI platform, makes root cause analysis and triaging even simpler by bringing contextual information to the operators in plain language. Operators can ask any question related to the health of the environment, and it will make the answers available in a moment.

But the operator does not need to trust the system blindly, Capobianco says. “When a network engineer does this the first time, they can’t believe it.”

Selector provides alternative ways to delve into the sources to gauge the authenticity of the responses, “almost like cookies throughout the system”.

“When I give you the natural language answer, you’re actually able to go to the SQL query and validate the metrics and logs that are used. The raw data is available behind the scenes,” he said.

Selector’s bevy of AI agents complete the loop by auto-sending proactive notifications to teams and customers about planned outages and scheduled maintenance windows ahead of time. An agent can even add those to the calendar, Capobianco said.

Although Selector does not claim to be a security-focused company, Capobianco added that the AI insights are “semi-related to security” and can prove helpful for SecOps.
