Automation: Moving Security from Human to Machine Speed, and All its Implications
Part 2 in a 3-Part Series
This is Part 2 of a 3-part series. Read the first part of the Automation to Address the Security Talent Crisis series here.
Security teams today are under-staffed, over-worked, under-funded and struggling to stay abreast of the ever-changing threat landscape. Many security analysts work long hours poring over millions of security events to protect systems and fix vulnerabilities. Simply put, there is too much information and not enough analysts.
Fortunately, humans are not the only answer for solving the cybersecurity crisis.
Shifting Security from Human to Machine Speed
The process of automation to move security from human to machine speed is the next frontier in cybersecurity. “Skills shortages, technical complexity and the threat landscape will continue to drive the move to automation and outsourcing,” marketing research firm Gartner says.
Humans are limited in their ability to process vast amounts of information with reasonable response times. This is where security solutions that use Machine Learning (ML), Artificial Intelligence (AI) and automation can help as they can handle millions of events in a single day.
Leading the cybersecurity threats list is the “too much data” problem. The average security team manages more than 50 security-specific tools that generate overwhelming log and event data. They need to be able to sift through all that noise and focus on events that pose the greatest risk to their company. For example, most Intrusion Detection System (IDS) tools are very noisy, generating in excess of 40 million monthly events on average networks. Organizations can’t realistically staff up to evaluate all those events.
But computing power with robust machine learning gives the security analyst a fighting chance. Time is always the limiting factor when dealing with legitimate security events – the quicker the analyst can identify a critical event, the quicker they can mitigate it and protect their organization. Machine learning with the “right amount of data” can quickly sift through those 40 million events and escalate the four or five per month that require attention.
Automation is gathering market momentum. More organizations are moving towards Unified Security Analytics Platforms and applying machine learning and AI to find the needles in the haystacks, and automating responses to those events.
SOAR (security orchestration and automation response) tools are becoming more widely adopted as they help the under-skilled and under-staffed security teams automate some of the more repetitive tasks that a first-line analyst must manage. This allows those analysts to focus on more critical events and in the process, grow their skill sets quicker. SOAR tools with “the right amount of data” are even more effective, bolstering the automation and response capabilities security teams desperately need.
What AI can do for Cybersecurity
Incorporating AI and machine learning offers the opportunity to increase productivity and efficiency, while helping to improve security posture. The most significant benefit to security professionals would be quicker detection by reducing the amount of time and effort needed to investigate, evaluate and mitigate an alert. There are a host of other benefits as well, such as:
- Reducing the number of false-positive alerts
- Increasing the opportunity to detect attacks before they do damage
- Automating tasks in the investigation, decision-making and remediation processes
- Freeing up security teams to focus on critical events that can cause brand and reputation loss to their respective organizations
It's Not Humans vs Machines
Despite common misconceptions, these machine learning and AI tools cannot completely replace humans. Instead, they should be used to automate the numerous and repetitive tasks that are currently filling the workflows of security teams, such as testing, basic threat analysis and data deception tactics.
There is a severe shortage of advanced cybersecurity skills in today’s IT talent pool. Automation may not completely bridge this gap, but it will help security professionals quickly find and focus on the needles in the haystack.
To adequately address today’s—and tomorrow’s—threats, security teams need and deserve every resource and tool available. By embracing AI and machine learning solutions, companies will be equipped and empowered to thwart increasingly sophisticated cyber threats, lighten the workload of security analysts and stay technologically competitive.
Stay tuned for Part 3: What We can Do to Bridge the Cyber Skills Gap