The Pros and Cons of Automated Cybersecurity
When Microsoft announced in June that it was buying the U.S.-Israeli artificial intelligence cybersecurity firm Hexadite (for a reported $100 million), it underscored the role of automation in countering next-generation security threats.
Cybersecurity automation has been heralded as the future of IT security, and Microsoft’s deal highlights the importance of using technology to stay ahead of the threats companies face.
Automation can help spot attacks before they begin and save IT staff members’ time, enabling them to focus on other tasks. However, the potential downside of automation is that a one-size-fits-all approach to cybersecurity crowds out human judgment and control.
Hexadite’s Automated Incident Response Solution (AIRS) technology “is designed to investigate alerts and remediate threats either without human intervention or in a semi-automated mode,” ZDNet reports. Microsoft says the company’s tools can prevent data breaches, enhancing security and productivity while reducing costs.
“Our vision is to deliver a new generation of security capabilities that helps our customers protect, detect and respond to the constantly evolving and ever-changing cyberthreat landscape,” Terry Myerson, executive vice president of Microsoft’s Windows and Devices Group, said in a statement. “Hexadite’s technology and talent will augment our existing capabilities and enable our ability to add new tools and services to Microsoft’s robust enterprise security offerings.”
Microsoft plans to merge Hexadite’s technology into its Windows Defender Advanced Threat Protection solution, which it uses to detect zero-day attacks, ransomware and other advanced cyberthreats. Hexadite will bring “artificial intelligence-based automatic investigation and remediation capabilities, making response and remediation faster and more effective,” Microsoft says, and WDATP “will include endpoint security automated remediation.”
Automated Cybersecurity Makes IT Security Easier
Cybersecurity automation can take a complex and growing threat landscape and make it easier for IT teams to manage.
As a September 2016 article from Deloitte University Press notes: “There are not enough cyber specialists in organizations to deal with the number of threats today, and the imbalance will likely become much worse. Cybersecurity is too often reactive to hacks and breaches, with actions only taken after (sometimes long after) a problem has occurred.”
For years, companies have relied on threat signatures based on patterns of previous attacks to spot and stop cyberattacks. However, the report notes that a signature-based approach is “of limited value in preventing new types of attacks.”
Analytics can predict and screen threats and then, when a threat is detected, “take some automated corrective actions,” the Deloitte article notes.
“Given the sensitivity of cybersecurity issues, there is also no doubt that humans will still be necessary to confirm and investigate threats, particularly when they are internal,” the article says. “But their jobs will be made much easier and more productive with some help from technology.”
Joerg Sieber, director of product marketing performance at Palo Alto Networks, notes in a blog post that cybersecurity automation can lead to a host of benefits: streamlined processes, less duplication, reduced complexity, fewer human errors, improved knowledge sharing and faster decision-making.
Automation can cut duplicative processes, bring cohesiveness and consistency to cybersecurity responses, compensate for fatigue among IT security staff members and harmonize cybersecurity data. “Automation can correlate information across different data sources, resulting in faster threat detection than possible with manual analysis,” Sieber writes.
TechCrunch notes that “Hexadite is part of what you might call that new guard of security companies, building solutions based on machine learning and AI modelled on ‘top cyber analysts’ to try to tackle threats more like the smartest humans would.” Those companies include Crowdstrike, Cylance and Harvest AI, the report notes.
Potential Downsides to AI in Cybersecurity
As with any new technology, using AI to enhance cybersecurity is not an unalloyed good.
Sieber notes that there is a “perceived loss of control” with automated cybersecurity. “Let’s face it, we all feel like we can do a better job at keeping our companies secure than technology alone,” he says. “But the fact remains that there are limitations as to how much analysis can be done manually in any organization.”
IT staff members may also have an inherent “distrust in technology,” Sieber adds. “The feeling that automated technology will overlook threats or overblock the employees in our organizations is another very powerful, yet emotional argument against automation,” he says.
Finally, IT staff members may not want to use automation because they fear change. “What will automation of security do in my organization? How will it impact my job?” he says. “Most security professionals feel overwhelmed but have accepted this situation as just a part of their job. A reduction of this stress could feel like they are not protecting their companies efficiently.”
Simon Crosby, CTO of endpoint security company Bromium, calls machine learning the pipe dream of cybersecurity, arguing that “there’s no silver bullet in security.”
What backs up this argument is the fact that in cybersecurity, you’re always up against some of the most devious minds, people who already know very well how machines and machine learning work and how to circumvent their capabilities. Many attacks are carried out through minuscule and inconspicuous steps, often concealed in the guise of legitimate requests and commands.
With that in mind, Karin Shopen, director of global campaigns for cybersecurity at Palo Alto, says that automation should be used in specific areas. In a blog post, she writes that companies should employ automation to correlate data, generate protections faster than attacks can spread, implement protections faster than attacks can progress and detect infections already present in the network.
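As an added illustration that is not part of the original article, and not code from Microsoft, Hexadite or Palo Alto Networks, the following Python sketch shows the loop Sieber and Shopen describe: correlate information across two data sources, then decide whether a response is taken automatically, handed to an analyst, or dropped. The endpoint alerts and proxy log records are constructed sample data, and the field names, scores, thresholds and time window are assumptions chosen for the example. Automatic containment is only taken when two independent sources corroborate each other; a single noisy source, however loud, goes to a human, which is one concrete way to answer the “overblock” concern raised above.

```python
from collections import defaultdict

# Constructed sample telemetry (invented for this example, not real data).
# Each record carries a per-event suspicion score in [0, 1].
ENDPOINT_ALERTS = [
    {"host": "ws-17", "ts": 100, "signal": "suspicious_powershell", "score": 0.4},
    {"host": "ws-22", "ts": 130, "signal": "new_scheduled_task", "score": 0.5},
    {"host": "ws-17", "ts": 160, "signal": "credential_dump_attempt", "score": 0.6},
]
PROXY_LOGS = [
    {"host": "ws-17", "ts": 120, "dest": "203.0.113.9", "reputation": "malicious", "score": 0.5},
    {"host": "ws-22", "ts": 140, "dest": "example.org", "reputation": "clean", "score": 0.0},
    {"host": "ws-31", "ts": 150, "dest": "203.0.113.9", "reputation": "malicious", "score": 0.5},
]

AUTO_THRESHOLD = 1.0     # assumed: combined score at/above which containment is automatic
REVIEW_THRESHOLD = 0.5   # assumed: at/above which an analyst is asked to look
WINDOW_SECONDS = 120     # assumed: events on one host within this span form one incident


def decide(score, source_count):
    """Map a correlated score to an action.

    Automatic containment requires corroboration from at least two
    independent data sources; anything else that looks suspicious is
    queued for a human rather than blocked outright.
    """
    if score >= AUTO_THRESHOLD and source_count >= 2:
        return "contain"
    if score >= REVIEW_THRESHOLD:
        return "review"
    return "ignore"


def _summarise(host, cluster):
    """Fold one host's time-clustered events into a single incident record."""
    score = round(sum(ev["score"] for _, ev in cluster), 2)
    sources = {src for src, _ in cluster}
    return {
        "host": host,
        "start": cluster[0][1]["ts"],
        "score": score,
        "sources": sorted(sources),
        "signals": [ev.get("signal") or ev.get("dest") for _, ev in cluster],
        "action": decide(score, len(sources)),
    }


def correlate(endpoint_alerts, proxy_logs, window=WINDOW_SECONDS):
    """Join events from both sources per host, cluster them in time, and score each cluster."""
    by_host = defaultdict(list)
    for e in endpoint_alerts:
        by_host[e["host"]].append(("endpoint", e))
    for p in proxy_logs:
        by_host[p["host"]].append(("proxy", p))

    incidents = []
    for host, events in by_host.items():
        events.sort(key=lambda item: item[1]["ts"])
        cluster = []
        for item in events:
            # Start a new incident once the window since the first event is exceeded.
            if cluster and item[1]["ts"] - cluster[0][1]["ts"] > window:
                incidents.append(_summarise(host, cluster))
                cluster = []
            cluster.append(item)
        if cluster:
            incidents.append(_summarise(host, cluster))
    return incidents


if __name__ == "__main__":
    for incident in correlate(ENDPOINT_ALERTS, PROXY_LOGS):
        print(incident)
```

Run as a script it prints one incident per host: ws-17 is contained automatically because both the endpoint and the proxy agree within the window, while ws-22 and ws-31 are routed to an analyst. Tuning the two thresholds is where the trade-off the article describes lives: raising AUTO_THRESHOLD keeps more control with people at the cost of speed, lowering it does the reverse.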