Executive Viewpoint 2018 Prediction: Portnox – How AI, Machine Learning and Automation will Dominate Security
It’s hard to imagine that a day goes by without at least one cyber attack bearing down on company — big or small. With technology already acting as the lifeblood of our economy and society, hackers now have more methods to distribute mayhem than they know what to do with. One of the more recent “inventions” (as it could be called) that have a noted impact on cybersecurity is automation, or methods to enable instant and informed security decisions across a network. While it’s clear that enterprises need automated security solutions to beat off the advances of hackers who increasingly depend on “bots” and other advanced tools, both the benefits and challenges should be considered in implementing this vital technology trend. 2018 is likely to produce security solutions that, in the most novel of ways and by integrating machine learning and AI, can find a balance between the pluses and minuses of automation so that moving forward, it will be truly indispensable.
But the conversation around the future of automation starts with understanding automation itself. According to Harvard Business Review, there are three ways that work – previously carried out by humans – can be automated. It begins with robotic process automation, which hardly applies to cybersecurity applications in the enterprise. Then there’s cognitive automation, which is more complex, based on machine learning/AI and needs data and humans in order to learn processes. Cognitive automation is really what is relevant when discussing automation in security, with the next step being social robotics, or when the machines become even more like humans (which at this stage is still hard to imagine). At the moment, hackers are using both cognitive automation and early versions of social robotics (via social engineering techniques) to carry out the most advanced, prolonged and vicious cyber attacks the world has seen. Yes, that’s right. This is way worse than the Sony hack, Mirai botnet and WannaCry ransomware attack combined.
The reason: because these attacks are so hard to stop. Existing security solutions are only beginning to integrate automation, but the learning gap is still too great to compete with hackers (some of which design robots and AI solutions as their profession). Still, the overwhelming conclusion is that in order to beat hackers at their own game, companies need automated security solutions to keep up because the capital expense of hiring thousands of security specialists to address these attacks would be too great. The truth is: despite its benefits, automation is a bit of a sticky slope, which is why when companies ask if they should pursue automated security solutions or not, there’s never a clear-cut answer.
Benefits of automation
The benefits are relatively straightforward. The first is, of course, improved efficiency and elimination of error (with some caveats – see below) in performing security checks. One of the major causes of cyber attacks is human error, which is an area of risk that automation could potentially eliminate with the speed and efficiency of a machine. This could help security teams identify areas of risk that they should be aware of and triage alerts according to machine-derived data. That data also provides security teams with heightened visibility into potential areas of risk arising from malicious devices and missing patches, which are increasingly prevalent because of growing Internet of Things and BYOD trends. Furthermore, once such vulnerabilities have been identified (according to the organizational security policy), automated solutions create the possibility to carry out system-wide patching of endpoints, resulting in a tight security posture that will be difficult for hackers to manipulate. Additionally (and not finally, because the list of benefits is quite long), automation frees up security teams to invest more time in developing advanced policies derived from a wider base of machine-collected data. This not only increases visibility into the network and its lingering areas of vulnerability, but increases accountability on the part of security professionals, employees and the organization on a whole.
While there are many benefits, there are more than a few challenges with the shift to automated security. It begins with false positives (that point I promised to get to earlier). By asking machines to learn and understand humanmade security policies, companies are almost asking for false positives to happen, or indications of a threat on the system that isn’t really there. Besides the uproar it could cause, it might also jeopardize key systems in the company, especially if the policies are correlated (as they should be) with automated actions, which leads to the next point of automation affecting business continuity. If a critical industry like healthcare or finance depends on an automated security solution, could they be putting their business, or even lives at risk? What’s more, with automated patch updates, companies could be increasing their attack surface by informing hackers of their security posture by proxy. This makes it possible for them to know exactly which vulnerabilities to manipulate, with the potential to affect entire industries if automation technology becomes an issue of legal compliance, which it well may in some industries (such as finance). Finally, and this time most importantly, humans will always know things that machines don’t, and without the appropriate business context, intuition and adaptability, securing an organization could become a robotic matter in which it’s difficult to identify new threats (until a friendly human does) and rebut complex challenges.
Where will automation fit into security priorities in 2018?
That said, there is certainly a place for automation in the future of cybersecurity solutions; indeed, many existing solutions for network control, threat remediation and event management already integrate automation. Yet the most successful automated security solutions will do one thing that today’s solutions don’t – they will integrate human input with machine/artificial intelligence to arrive at the optimal security policy based on the specific behavior and needs of an organization. The automated solution of the future will use actionable intelligence to inform security professionals of the state of their network, while suggesting a number of automatic remediation methods that will be carried out based on an optimized security policy. In this system, the human element isn’t necessary the deciding factor when it comes to specific actions (as we already know that this takes too much time away from more important tasks), but rather the editor and final word on a company’s security policy – which is what the machine works on at the end of the day.
2018 is going to be a big one for automation in all of its forms, but for security in particular. People, companies and governments are in dire need of effective cybersecurity solutions that can answer to the increasing complexity and malevolence of cyber attacks on a global scale. While we hope, on the one hand, such automated solutions won’t end up overpowering human reason (like in Minority Report) on the other, we increasingly depend on them to protect our data, business and digital lives that are housed on the Internet.
Currently at #NRF2018? Take our #Data2020 quiz to be armed with all of the faux pas of #BigData http://bit.ly/2j92BYJ