In January, Masergy predicted that 2019 will be “The Year of Artificial Intelligence.” There’s no question that the term is popping up everywhere as enterprises yearn to turn big data into a competitive edge. The same goes for cybersecurity. Everyone wants to leverage machine learning, behavior analytics, and AI so IT teams can “up the ante” against attackers. But have we arrived at true security automation yet? What role are emerging technologies playing in security today, and are people still your best asset? Let’s explore the impact of modern advances on cybersecurity.
Unpacking Technology Claims: People are Still 50% of the Equation
Today, the security market includes a dizzying array of technology-based products that all make a very bold claim: to automate the collection, correlation, and analysis of everything happening on your network. But those claims are only partially correct. Modern technologies are automating the collection and correlation, but not the full analysis. We haven’t crossed the chasm of “dehumanizing” cybersecurity yet. Despite what some might try to sell you, solutions still require a certain level of security knowledge, expertise, and support to work as advertised. Let’s “peel the onion” a little to expose the hype and show where security analysts are still necessary.
- Artificial Intelligence: AI is advertised much like magical pixie dust. Just sprinkle a little here and there, and BOOM. Suddenly, cybersecurity is like a self-driving car! The reality is that “AI solutions” today are based more on machine learning and behavior analytics, which do NOT equate to higher levels of human intelligence and complex decision making. These solutions are very good at spotting anomalous behavior, but they still require security analysts to investigate the findings.
- Cloud Technologies: The cloud can also be overhyped. While the shared security model is taking some security pressure off the SOC, enterprises that have migrated infrastructure, platforms, and apps do not shed all security responsibilities. They must still ingest and evaluate security data and verify that the cloud provider is doing its job correctly.
In fact, even in the “age of AI,” Masergy advises its customers that talent still represents as much as 50 percent of the success equation.
Fully Automated Solutions: Not Necessarily Just Around the Corner
Uncertainties are a major roadblock in automating cybersecurity. Software developers can only automate what they’re certain about, and there is an enormous amount of uncertainty in the work at hand. For instance, malware programs mask their true nature, so even security professionals are not always 100% sure which activity is “good” and which is “bad.” When the rules aren’t clear-cut, humans are far better at making the necessary judgment call. Thus, it might be a long time before anyone reduces security operations to a standalone machine. Where does this leave CISOs and their technology investments?
The Best Approach: Teams Backed by Technology
Security leaders should prioritize intelligent data interpretation over simply collecting and pumping more data through computer algorithms. Automation undoubtedly has a place in cybersecurity and warrants the IT spend, but currently its greatest strengths are in its ability to augment existing detection and response efforts by bringing security tools together to assist people. Leveraging emerging technology to accelerate the work of the threat detection team and hasten response is as close to a silver bullet as you’re going to get today. That’s the best approach.
The Culminating Question: Find Your Force Multipliers
One single question can help security leaders measure the strength of their technology and security service investments: Is your security solution a force multiplier or a force divider? Hopefully your investments create more protective force than tasks for your internal team. I have come across countless “solutions” that are good at automating the identification of threats but ultimately create more work for the customer than they actually relieve. And typically, this is due to the lack of security expertise available to monitor and manage everything for the given network. The most effective “AI solutions” are the ones that combine people, process, and technology, which together optimize all security resources as a force multiplier.
Masergy’s managed detection and response solutions combine the latest machine learning and behavior analytics with a team of tenured security analysts to accelerate security processes and decrease dwell time. When you’re looking for a technology-driven solution backed by security professionals and an industry-leading customer experience, call on Masergy.