Cybersecurity experts Colin Henderson and Ray Espinoza share their take on the automation-driven power of machines versus the nuanced capabilities of humans in the security space.
While automation is king in detection and reporting, it’s tough to replace humans’ capacity for layered analysis and follow-up.
Consider your organization’s unique environment and vulnerabilities to determine the right mix of manpower and machine power to apply to your data security.
With every unknown comes opportunity.
A few decades ago, there was a lot we didn’t know about the degree to which machines would replace humans. Now, we may not necessarily be afraid of being replaced, but we’ve reached the pivotal moment in the technology’s development at which it’s time to assess our relationship with it.
Cybersecurity professionals have no choice but to step right into the ring with all things AI and machine learning, including the question of how much to rely on tech advancements.
While man and machine don’t have to fight, per se, it’s natural for us to pit these two entities of intelligence against each other. After all, we can do many of the same things, but in different ways.
Machines bring the power
If you’re old enough to remember movies and sci-fi novels that predicted the dangerous rise of artificial intelligence in the twenty-first century, you probably also remember how off most of them were in their predictions.
The degree to which machines have “taken over” has been largely positive for businesses. In cybersecurity, Colin proposes that we think of machines as true partners because of one major power they possess: the ability to automate.
“The mantra for those of us in this space needs to be: Automate as much as possible.” Colin Henderson, VP of Security, OneTrust.
Ray’s team has used automation for jobs like reimaging a device after malicious software has been detected and migrating alerts from third-party detection sources into an internal ticketing system.
At its core, automation is about performing mundane responsibilities better and faster than people can. Security teams can transform their:
Capacity to detect threats across a larger volume of data
Allocation of valuable time
Reporting style, and how much reporting they do
Bandwidth to give attention to more alerts
Because of its dramatic impact, automation has inspired leading organizations to develop full teams around programming machines instead of hiring more security analysts.
Even if you’re not ready to commit to using machines to that degree, your organization can benefit from the high-quality data mining they provide. Colin notes that machines can now give us analytics about behavioral and transactional activities that weren’t available in the recent past.
We can use that data to answer questions such as:
What actions do our systems take individually?
How smoothly does each system communicate with others?
Where are the bottlenecks in our processes?
Is it time to hire or cut back on our staff?
Humans bring the intuition
All of us walking around with a tiny computer in our pocket know there’s a certain je ne sais quoi about harnessing machine power.
But just like the novelty of smartphones has worn off, the excitement about machine learning in the workplace has been lessened by its ubiquity — and our wariness. The reality is that – as a rule – we don’t yet completely trust non-human workers.
“The system is never going to give you a true thumbs-up or thumbs-down on whether something is a problem or not,” says Colin. “We still need a human to look and understand whether an alert is benign or malicious.”
It’s man’s capacity for verifying machines’ filtered data and handling caveats and outliers that makes many people feel better about leaving data security in their own hands. People don’t just notice a potential threat and point out the pattern; they can thoroughly answer the ultimate question: Why is this happening?
This understanding of the “why” also means that we can see when the one-size-fits-all approach isn’t working.
Ray explains: “Regardless of how great a tool is, there's still a level of customization that happens when humans follow up. That's necessary to get good value because there are always edge cases of companies doing things slightly differently that need to be taken into account.”
It’s a draw
There will never be an objective answer to the man or machine quandary because it’s not an either/or decision.
For your company to remain forward-thinking and competitive, and for your data to remain secure, a custom blend of artificial and human intelligence is not just helpful but necessary.
“The better you understand these different complementary systems, the further you can go to better understanding the use cases and the playing field you’re on,” says Ray.
Think of it as a checks-and-balances situation. You may do well using primarily human labor right now, but a year from now, you could benefit from weighing your environment’s vulnerabilities against the cost of outsourcing time-consuming tasks to a third party with established AI capabilities.
Essential questions to ask when considering automation
Each time you review your relative reliance on man and machine, ask yourself and your team the following:
What are we losing in terms of resources by not automating certain tasks?
Do we anticipate our volume of detection and response work to increase, and how might automation reduce the associated burden?
What context might we be missing by depending on machines?
Is there an opportunity to shift human job titles and responsibilities to allow for coordination with AI-powered technology?
Can we quantify the value we could get from a third-party MDR provider?
How much do we currently invest in onboarding and training new employees, and how much would it cost to implement a new tech solution instead?
Are you taking the time to talk through the threats that would affect your organization?
Are you taking the time to map those threats to the data sources that would help you understand whether the threat is present in your environment?
Is this something that your provider can do for you, or is it something that you have to build yourselves?
Your answers to these questions will likely shift, as this is a dynamic process, but it is clear we need help from multiple sources. The most efficient and accurate approach to data security necessitates a truce. Man and machine must shake hands and own the parts of the process they each do best.