• Cybersecurity experts Colin Henderson and Ray Espinoza share their take on the automation-driven power of machines versus the nuanced capabilities of humans in the security space.
  • While automation is king in detection and reporting, it’s tough to replace humans’ capacity for layered analysis and follow-up.
  • Consider your organization’s unique environment and vulnerabilities to determine the right mix of manpower and machine power to apply to your data security.

With every unknown comes opportunity.

A few decades ago, there was a lot we didn’t know about the degree to which machines would replace humans. Now, we may not necessarily be afraid of being replaced, but we’ve reached the pivotal moment in the technology’s development in which it’s time to assess out our relationship with it.

Cybersecurity professionals have no choice but to step right into the ring with all things AI and machine learning, including the question of how much to rely on tech advancements.

LogicHub’s Willy Leichter chatted about the man-versus-machine dilemma with two industry leaders: Colin Henderson, VP of Security at OneTrust, and Ray Espinoza, VP of Cloud Security at Medallia.

Here’s what they had to say about the relative strengths and weaknesses of humans and machines — and their complex relationship.


Whitepaper: Power to the People - Democratizing Automation & AI-Driven Security

Contenders in the data security ring

While man and machine don’t have to fight, per se, it’s natural for us to pit these two entities of intelligence against each other. After all, we can do many of the same things, but in different ways.

Machines bring the power

If you’re old enough to remember movies and sci-fi novels that predicted the dangerous rise of artificial intelligence in the twenty-first century, you probably also remember how off most of them were in their predictions.

The degree to which machines have “taken over” has been largely positive for businesses. In cybersecurity, Colin proposes that we think of machines as true partners because of one major power they possess: the ability to automate.

“The mantra for those of us in this space needs to be: Automate as much as possible.” Colin Henderson, VP of Security, OneTrust.

Ray’s team has used automation for jobs like reimaging a device after malicious software has been detected and migrating alerts from third-party detection sources into an internal ticketing system.

At its core, automation is about performing mundane responsibilities better and faster than people can. Security teams can transform their:

  • Capacity to detect threats across a broader amount of data
  • Allocation of valuable time
  • Reporting style — and how much reporting you do
  • Bandwidth to give attention to more alerts

Because of its dramatic impact, automation has inspired leading organizations to develop full teams around programming machines instead of hiring more security analysts.

Even if you’re not ready to commit to using machines to that degree, your organization can benefit from the high-quality data mining they provide. Colin notes that machines can now give us analytics about behavioral and transactional activities that weren’t available in the recent past.

We can use that data to answer questions such as:

  • What actions do our systems take individually?
  • How smoothly does each system communicate with others?
  • Where are the bottlenecks in our processes?
  • Is it time to hire or cut back on our staff?

Humans bring the intuition

All of us walking around with a tiny computer in our pocket know there’s a certain je ne sais quoi about harnessing machine power.

But just like the novelty of smartphones has worn off, the excitement about machine learning in the workplace has been lessened by its ubiquity — and our wariness. The reality is that – as a rule – we don’t yet completely trust non-human workers.

“The system is never going to give you a true thumbs-up or thumbs-down on whether something is a problem or not,” says Colin. “We still need a human to look and understand whether an alert is benign or malicious.”

It’s man’s capacity for verifying machines’ filtered data and handling caveats and outliers that makes many people feel better about leaving data security in their own hands. People don’t just notice a potential threat and point out the pattern; they can thoroughly answer the ultimate question: Why is this happening?

This understanding of the “why” also means that we can see when the one-size-fits-all approach isn’t working.

Ray explains: “Regardless of how great a tool is, there's still a level of customization that happens when humans follow up. That's necessary to get good value because there are always edge cases of companies doing things slightly differently that need to be taken into account.”

It’s a draw

There will never be an objective answer to the man or machine quandary because it’s not an either/or decision.

For your company to remain forward-thinking and competitive, and for your data to remain secure, using a custom blend of artificial and human intelligence is not only needed but necessary.

“The better you understand these different complementary systems, the further you can go to better understanding the use cases and the playing field you’re on,” says Ray.

Think of it as a checks-and-balances situation. You may do well using primarily human labor right now, but a year from now, you could benefit from weighing your environment’s vulnerabilities against the cost of outsourcing time-consuming tasks to a third party with established AI capabilities.

Essential questions to ask when considering automation

Each time you review your respective reliance on man and machine, ask yourself and your team the following:

  • What are we losing in terms of resources by not automating certain tasks?
  • Do we anticipate our sheer amount of detection and response to increase, and how might automation reduce the associated burden?
  • What context might we be missing by depending on machines?
  • Is there an opportunity to shift human job titles and responsibilities to allow for coordination with AI-powered technology?
  • Can we quantify the value we could get from a third-party MDR provider?
  • How much do we currently invest in onboarding and training new employees, and how much would it cost to implement a new tech solution instead?
  • Are you taking the time to talk through the threats that would affect your organization?
  • Are you taking the time to map those threats to what data sources would help you understand that the threat is present in your environment?
  • Is this something that your provider can do for you, or is something that you have to build yourselves?

Your answers to these questions will likely shift, as this is a dynamic process, but it is clear we need help from multiple sources. The most efficient and accurate approach to data security necessitates a truce. Man and machine must shake hands and own the parts of the process they each do best.

The Definitive MDR Buyer’s Guide: Everything You Need to Know to Choose the Right Managed Detection and Response Service

LogicHub harnesses the power of AI and automation for superior detection and response at a fraction of the cost. From small teams with security challenges, to large teams automating SOCs, LogicHub makes advanced detection and response easy and effective for everyone.


Related Posts

September 13, 2022 Kumar Saurabh

Why No Code Solutions Are a Double-Edged Sword

Most out-of-the-box security automation is based on a simple logic — essentially, if “this”...

Learn More

August 16, 2022 Willy Leichter

Understanding MDR, XDR, EDR and TDR

A program with proper threat detection and response (TDR) has two key pillars: understanding the...

Learn More

August 9, 2022 Willy Leichter

Intuition vs. Automation: What Man and Machine Bring to Data Security

Cybersecurity experts Colin Henderson and Ray Espinoza share their take on the automation-driven...

Learn More

August 2, 2022 Anthony Morris

Using AI/ML to Create Better Security Detections

The blue-team challenge Ask any person who has interacted with a security operations center (SOC)...

Learn More

July 26, 2022 Willy Leichter

How to Select the Right MDR Service

It can be difficult to understand the differences between the various managed detection and...

Learn More

July 21, 2022 Willy Leichter

The Evolving Role of the SOC Analyst

As the cyber threat landscape evolves, so does the role of the security operations center (SOC)...

Learn More

July 19, 2022 Kumar Saurabh

Life, Liberty, and the Pursuit of Security

As cyber threats evolve, organizations of all sizes need to ramp up their security efforts....

Learn More

July 15, 2022 Tessa Mishoe

LogicHub Security RoundUp: July 2022

Hello, and welcome to the latest edition of the LogicHub Monthly Update! Each month we’ll be...

Learn More

July 12, 2022 Willy Leichter

Security Tools Need to Get with the API Program

No cloud API is an island The evolution of cloud services has coincided with the development of...

Learn More

July 6, 2022 Willy Leichter

Why the Rush to MDR?

LogicHub recently published a survey conducted by Osterman Research, looking at changing trends and...

Learn More