Lesson 4 of 5

AIOps Predictive Analytics for Networks

Introduction

Network operations have traditionally been reactive. A link goes down, an application slows to a crawl, users open tickets, and engineers scramble to find the root cause. By the time the problem is identified and resolved, the damage to user experience and business productivity is already done. AIOps — Artificial Intelligence for IT Operations — fundamentally changes this model by shifting network management from reactive firefighting to proactive, predictive decision-making.

In this lesson, we explore how AIOps applies predictive analytics to enterprise networks. You will learn how telemetry data is ingested, analyzed through predictive models, and used to generate actionable path recommendations that improve application performance before problems escalate. We also cover how AI-driven policy analysis detects misconfigurations and security gaps in firewall rule sets, and how an AI Assistant can help network operators with both knowledge queries and real-time operational health checks.

By the end of this lesson, you will be able to:

  • Describe the three-step AIOps workflow: telemetry ingestion, data analysis, and feedback loop
  • Explain how predictive path recommendations work within an SD-WAN environment
  • Understand Closed Loop Automation and how it modifies centralized policies
  • Identify how AI-driven policy analysis detects configuration anomalies and security gaps
  • Recognize the role of an AI Assistant in day-to-day network operations

Key Concepts

What Is AIOps?

AIOps refers to the use of artificial intelligence and machine learning to automate and enhance IT operations. In a networking context, AIOps platforms ingest massive volumes of telemetry data from network devices, apply predictive modeling to forecast issues, and deliver recommendations that operators can act on — or that the system can apply automatically.

The core value proposition is straightforward: transform IT operations from a reactive to a predictive model.

Core AIOps Components

Component | Description
--- | ---
Telemetry Ingestion | Collecting network metrics from SD-WAN analytics and embedded agents
Predictive Modeling | Analyzing collected data to forecast network issues and recommend optimal paths
Feedback Loop | Fine-tuning SD-WAN policies to make path changes that improve application experience
Policy Analyzer | Detecting overlapping, hidden, or overly broad firewall rules and recommending optimization
AI Assistant | An interactive LLM-based interface for feature queries and operational health information

Supported Application Groups

Predictive path recommendations work with out-of-the-box application groups that require no custom configuration:

Application Group
Office 365
Webex
Google Workspace
Salesforce
GoTo Meeting
Voice

These application groups allow the AIOps engine to categorize traffic and apply per-application path analysis across your SD-WAN fabric.

How It Works

The Three-Step Predictive Analytics Workflow

The AIOps predictive analytics engine follows a three-step process that continuously monitors, analyzes, and optimizes network paths.

Step 1 — Ingest Telemetry. The system collects network telemetry via SD-WAN Analytics. This includes metrics such as loss, latency, and jitter across all available WAN paths between sites. A lightweight analytics module running on network devices feeds these metrics into the AIOps engine continuously.

Step 2 — Data Analysis. Predictive modeling algorithms process the ingested telemetry to forecast potential issues before they impact users. The engine identifies which WAN paths are degrading and calculates the estimated quality improvement if traffic were moved to an alternative path. The system then generates path recommendations, including the current path quality and the recommended path quality with an estimated percentage gain.

Step 3 — Feedback Loop. Based on the analysis, the system fine-tunes SD-WAN policies to redirect traffic along optimal paths. This closes the loop between monitoring and action, ensuring that application experience continuously improves.

For example, the system might determine that an application group is currently load balancing between two private WAN links — "private1" and "private2" — and recommend switching entirely to "private2" because predictive models show it will deliver better performance for that application.

Path Performance Details

When reviewing recommendations between two sites, the system provides detailed performance visualizations:

  • Graphs showing default path quality versus recommended path quality between a selected device pair
  • Color-coded lines reflecting the quality of each network path between the selected pair
  • Line charts showing loss, latency, and jitter trends over each available path

These details give network engineers full visibility into why the system is recommending a particular path change, making it easy to validate the recommendation before applying it.

Closed Loop Automation

Closed Loop Automation takes predictive recommendations one step further by applying them automatically through policy changes. Here is exactly how the workflow operates:

  1. When a recommendation is applied via Closed Loop Automation, the workflow creates a copy of the AAR (Application-Aware Routing) Policy and a new site list containing the site-id of the corresponding site.
  2. The system modifies the AAR Policy sequence corresponding to the application and applies it to the site where the recommendation must be applied.
  3. If a user makes changes to the Centralized Policy after deploying recommendations, a revert action is triggered. The system removes all applied recommendations and reverts the Centralized Policy to the state it was in before the first recommendation was applied.
  4. After user changes to the Centralized Policy are complete, operators can use the bulk option to select multiple recommendations and re-apply them all at once.

Important: Any manual changes to the Centralized Policy after recommendations have been deployed will trigger a full revert of all applied recommendations. Always complete your manual policy changes first, then re-apply recommendations using the bulk selection option.

Reviewing Recommendations

The recommendation interface provides several views:

  • Summary by Application Group — A high-level overview of all recommendations grouped by application
  • Per-site recommendations — Drill down into specific sites across the network to see which path changes are suggested
  • Application Group detail view — Click on any application group to see detailed path quality comparisons and estimated gains

Configuration Example

Activating Predictive Path Recommendations

Predictive Path Recommendations are included with the SD-WAN DNA Advantage (or higher) license. A ThousandEyes Enterprise Agent is not necessary — the feature works with embedded telemetry.

For brownfield deployments, the TE-EMBED-WANI license is pre-deposited into eligible customer accounts that already hold DNA Advantage licensing. For greenfield deployments, the embed SKU auto-expands when DNA Advantage is provisioned.

Deployment Type | License Behavior
--- | ---
Brownfield (existing DNA Advantage) | TE-EMBED-WANI license pre-deposited in eligible accounts
Greenfield (new DNA Advantage) | Embed SKU auto-expands automatically

Note: No separate ThousandEyes Enterprise Agent deployment is required. The predictive analytics capability is powered by WAN Insights using telemetry collected natively through SD-WAN Analytics.

Policy Analyzer and Optimizer

The Policy Analyzer and Optimizer uses AI to examine firewall rule sets and detect configuration problems that human review commonly misses. It addresses a widespread operational challenge: customers often do not fully use their security tools, or use them ineffectively, leading to weak security practices and misconfigurations that raise the risk of a breach.

The analyzer detects issues such as:

  • Overlapping rules — A broad permit rule placed above more specific rules that match the same traffic
  • Hidden rules — Rules that never match because earlier rules consume all matching traffic
  • Overly broad rules — Rules that permit far more traffic than intended
  • Stale rules — Legacy rules carried over from previous firewall platforms that are no longer needed

Key Statistic: In one real customer deployment, 81% of configuration anomalies were detected by the policy analyzer — issues that had gone unnoticed through manual review processes.
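
The first three checks in the list above can be sketched as follows. This is an added example, not the Policy Analyzer's own code: the `Rule` fields, the first-match evaluation order, the "overly broad" threshold, the reading of "overlapping" as a permit that partially intersects a later deny, and the sample rule set are all assumptions of this example. Stale-rule detection needs hit counters and is not covered.

```python
from ipaddress import ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    action: str    # "permit" or "deny"
    src: str       # source CIDR
    dst: str       # destination CIDR
    ports: tuple   # inclusive (low, high) destination port range

def covers(a, b):
    """True if every flow matched by rule b is also matched by rule a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def intersects(a, b):
    """True if at least one flow is matched by both rules."""
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])

def analyze(rules):
    """Return (kind, rule, related_rule) findings under first-match evaluation."""
    findings = []
    for j, r in enumerate(rules):
        # Assumed threshold: permit from any source on every port is overly broad.
        if (r.action == "permit" and ip_network(r.src).prefixlen == 0
                and r.ports == (0, 65535)):
            findings.append(("overly_broad", r.name, None))
        for e in rules[:j]:
            if covers(e, r):   # r can never match: e consumes all its traffic
                findings.append(("hidden", r.name, e.name))
                break
            if e.action == "permit" and r.action == "deny" and intersects(e, r):
                findings.append(("overlapping", e.name, r.name))
    return findings

# Constructed sample rule set, evaluated top to bottom (not from a real device).
RULES = [
    Rule("web-in", "permit", "0.0.0.0/0", "10.1.0.0/16", (443, 443)),
    Rule("legacy-any", "permit", "10.0.0.0/8", "10.1.0.0/16", (0, 65535)),
    Rule("block-smb", "deny", "10.2.0.0/16", "10.1.5.0/24", (445, 445)),
    Rule("block-guest", "deny", "192.168.0.0/16", "10.1.0.0/16", (400, 500)),
    Rule("temp-allow-all", "permit", "0.0.0.0/0", "0.0.0.0/0", (0, 65535)),
]

if __name__ == "__main__":
    for finding in analyze(RULES):
        print(finding)
```

The check only detects a rule hidden by a single earlier rule. A rule that is fully consumed by the union of several earlier rules needs interval or set arithmetic over the whole prefix of the list.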

Adaptive Policy Insights

When customers transition from legacy firewalls to next-generation firewalls (NGFW), many legacy port-based rules are carried over without review. Additional port-based rules are often retained for convenience, but they can significantly weaken security posture. Adaptive Policy Insights addresses this by helping operators move from port-based rules to application-ID-based rules.

The system can:

  • Detect legacy and unused rules
  • Suggest application-aware replacements
  • Prioritize high-risk rules for cleanup

Benefit | Description
--- | ---
Reduced attack surface | Eliminating broad port-based permits tightens access control
Application-aware policies | Rules based on application identity rather than port numbers
Improved security posture | Removing stale and overly permissive rules reduces breach risk

AI Assistant for Config Analysis

Users are notified of detected policy issues through the AI Assistant and can kick off remediation workflows through a conversational interface. This means that instead of manually sifting through hundreds or thousands of rules, engineers can interact with the AI Assistant to identify problems and initiate fixes in a guided, efficient workflow.

Real-World Application

Proactive Application Performance Management

In production SD-WAN deployments spanning dozens or hundreds of branch sites, manually monitoring path quality for every application across every site is impractical. Predictive path recommendations automate this process entirely. The system watches every path, for every application group, at every site — and surfaces only the recommendations that will deliver measurable improvement.

A common deployment scenario involves organizations running business-critical SaaS applications such as Office 365, Webex, or Salesforce across an SD-WAN fabric. Without AIOps, degraded path quality for these applications might go unnoticed until users report problems. With predictive analytics, the system identifies path degradation trends early and recommends — or automatically applies — path changes before users are affected.

Firewall Policy Hygiene at Scale

Enterprise firewalls accumulate rules over years of operation. As teams change, as applications are retired, and as compliance requirements shift, rule sets grow bloated with redundant, stale, and conflicting entries. The Policy Analyzer and Optimizer provides continuous, automated auditing of these rule sets, surfacing anomalies that even experienced security engineers might overlook.

Organizations that have migrated from legacy firewalls to NGFWs benefit especially from Adaptive Policy Insights. Rather than carrying over hundreds of port-based rules and hoping they are still relevant, the AI-driven analysis identifies which rules can be replaced with application-ID-based equivalents — reducing the attack surface while improving policy clarity.

AI Assistant for Day-to-Day Operations

The AI Assistant for Networking is an interactive, LLM-based tool that supports two primary use cases:

  • Knowledge Fetch — Engineers can ask feature-related questions, and the assistant retrieves answers from documentation, eliminating the need to search through manuals and release notes
  • Network Operational Queries — Engineers can query the assistant for real-time health information about the network, such as device status, path quality, or policy state

Note: The AI Assistant requires connectivity to the cloud to function. It is designed as an operational aid that complements — not replaces — the engineer's expertise.

Maximizing Feature Adoption

Beyond best-practice recommendations and policy optimization, the AIOps engine also helps organizations identify and understand underutilized features. This brings awareness to capabilities that customers have already licensed but may not be taking advantage of, helping maximize return on investment.

Summary

  • AIOps transforms network operations from reactive troubleshooting to predictive, data-driven management through a three-step workflow: telemetry ingestion, predictive data analysis, and a feedback loop that fine-tunes SD-WAN policies.
  • Predictive Path Recommendations analyze loss, latency, and jitter across WAN paths and recommend optimal path changes per application group, per site — with estimated percentage gains in path quality.
  • Closed Loop Automation applies recommendations by copying AAR policies and creating site-specific configurations, with built-in safeguards that revert changes if the Centralized Policy is manually modified.
  • Policy Analyzer and Optimizer uses AI to detect overlapping, hidden, stale, and overly broad firewall rules (in one real customer deployment it detected 81% of configuration anomalies), and Adaptive Policy Insights helps migrate port-based rules to application-ID-based rules.
  • The AI Assistant provides an LLM-based conversational interface for both knowledge queries and operational health checks, streamlining day-to-day network management.

In the next lesson, we will continue exploring how AI and ML capabilities integrate into network infrastructure, building on the predictive analytics foundation covered here.