The Impact of Automation in Cybersecurity: The Good, the Bad and the Human

Malicious attacks aren’t just becoming more frequent—they’re becoming smarter, more costly, and more of a threat to businesses of all sizes.

The average cost of a data breach for U.S. companies last year was $8.2 million, up from $3.5 million in 2006, according to a Ponemon Institute study sponsored by IBM. As technology solutions evolve, bringing more automation and innovation, the risks are only getting greater.

“Data breaches are one of those ugly things that no one wants to talk about, yet they are a harsh reality that we all have to deal with and a new normal in cybersecurity,” said Corey McReynolds, managing consultant of professional services at Avertium, during the ChannelCon Online session, The Impact of Automation in Cybersecurity: The Good, the Bad and the Human.

Increasingly, emerging technologies such as artificial intelligence (AI) are having a big impact on the automation of cybersecurity, especially around behavioral analysis, which is helping businesses build better defenses against cyber threats, McReynolds said.

How to Deal with Malicious Attacks

The most common attacks are malware, phishing, and spear phishing, all of which are backed by social engineering functions such as open source data gathering, pre-texting and gathering information from social media, news outlets and other resources. How we respond to these threats will help determine how successful we are, according to McReynolds.

“We have decided that we as human beings do not have the speed, the dexterity, or the accuracy to keep up with the way a lot of these attacks are utilized. So, we are really leaning in on AI, machine learning and neural networking in order to power up security tools to combat these threats,” McReynolds said.

Anti-malware solutions are one form of machine learning used for cybersecurity defense, McReynolds said. It leverages a machine-learning database that uses previously detected forms of malware to identify various indicators of compromise. Anti-malware can be very adept at recognizing and protecting against malware variants. AI-based security tools are another form of protection. These tools can automate and orchestrate defense mechanisms and are available to respond and operate 24/7. Another popular trend is reflected in AI analytics algorithms, which are based on standard network behavior. These can yield highly accurate, timely and unique identification of unusual behavior from a system or user that we as human beings may not catch.

Why Isn’t Everyone Relying on These Tools?

If these tools are providing more accurate and timely results than humans can provide, why isn’t everyone relying on them? “The fact of the matter is that they still aren’t perfect,” said McReynolds. There are a lot of requirements for these tools to run smoothly and effectively.

1. Data, Data, Data: Machine learning is data intensive because decisions are made based on data, not just algorithms. These tools need approximately 10 times the amount of data in order to understand the details and dimensions of network behavior. Learning this amount of data takes time.
2. $$: Machine learning-based applications carry a cost premium, as does the talent necessary to operate and optimize them. These resources are in short supply and high demand, which can make them quite expensive.
3. One Tool in the Toolkit: Machine learning is one tool amongst many. We need to remember that there are traditional or core cybersecurity concepts that are integral to protecting our network, McReynolds said. “There is no silver bullet when it comes to security.”

The Call to Arms

Companies in the business of technology need to focus on a holistic approach to security by combining traditional concepts in security with new automated tools. Traditional concepts are critical to any security plan in an organization, but when combined with AI and machine learning, their capabilities are exponentially stronger. Layering these security concepts will increase our capabilities and allow us to keep up with the growing number of intricate attacks. But we need to make sure we have the following basics in place before jumping into AI- and machine-learning-based concepts:

• Perimeters such as firewalls, intrusion prevention systems, DMZs, and proxies
• Network coverage such as SIEM, VLANs, VRFs, and VPNs
• End-point protection such as antivirus, anti-malware, and encryption software
• Resources behind the scenes to satisfy training needs, create awareness and serve as human censors

These new concepts are not replacing our basic capabilities, they are just enhancing them, according to McReynolds. We are not replacing human intelligence. There are still people behind these machines that need to help set things up, make connections and provide awareness. With the help of AI and machine learning, these things are even more effective.

Access the full session starting here, or as part of our Day 3 archived stream, and catch all of ChannelCon Online at our CompTIA Communities & Councils YouTube channel.