Why the next generation of security platforms should be autonomous

secured network of computers with locks displayed on screens

The natural connection between machine learning and cyber security

Machine learning and autonomous systems have become hot topics being discussed and reported on in both academia and the media. With AI and machine learning developing rapidly across most industries, shouldn’t the next step in the global tech industry be autonomous systems? Especially in cyber security, where only machine learning can keep up with the pace of new threats that are cropping up every day.

A rules-based, automated security system still falls short; It’s not enough just to detect risks, if one must identify and create rules, an autonomous system can learn to do it on its own. A truly beneficial security platform not only detects a risk but also autonomously mitigates it, making the entire security chain effective in real-time. A platform that triggers an alert whenever a threat is nearby might sound useful, but, in reality, it often creates too much noise and increases IT staff’s workload. After a while, IT becomes fatigued with the high volume of false positives.

Automatic systems are not enough to decrease IT overload in a cloud-based environment

IT staff have a lot to juggle. From multiple platforms to trying to keep up with a constantly growing BYOD landscape combined with cloud-based services and enterprise data hygiene maintenance. IT teams build the foundation of their company’s cloud security protection on three main pillars; access control, threat detection and data control, resulting in the need to deploy at least three separate platforms.

This obviously increases staff’s workload. First by having to connect any new cloud-based platform to existing protection solutions, and, second, by generating numerous alerts from different users, using various devices to access different services. While an automatic platform might be able to solve the first issue by providing pre-integrated API connections, it won’t be sufficient for the second issue. An automatic solution might have a specific rule in place to detect specific threat scenarios, but it will only alert about them, failing to reduce unnecessary ‘noise’ for the IT department. Only an autonomous platform, able to detect and also mitigate threats can help reduce IT teams and staff workload.

We see many examples that could benefit from autonomous systems in cyber security and specifically cloud security. For example, for threats detected on a user’s BYOD device, IT security staff can’t do anything because the user owns the device. The required security service, in this case, is a system that can block the device autonomously, preventing it from harming, or even accessing any corporate assets. Without proper mitigation and real-time action, all we’re left with is relying on the user acting responsibly. However, even the most responsible user is unable to take action while asleep or away from their device.

Why autonomous systems should be adopted and encouraged by any IT expert.

Those growing up in the 90’s, watching the Terminator and other action sci-fi movies, are now responsively thinking about the rise of the machines and the risks involved with replacing people with a more robot-form work-force. While in fact there is no real reason to be worried. First, because data collected in the last three years, shows a growing number of unmanned positions in the cyber-security industry, and, second, the need for IT personnel is expected to grow so rapidly it will triple by 2021. No one is looking to replace workers. In fact, by adopting autonomous systems, personnel occupying their current positions will be able to work on far more critical tasks and IT strategy management, while still getting rid of an enormous amount of drudgery work.

Another popular fear is the fear of a little black box making decisions previously made by security experts. Decisions for which experts may still be held accountable. With sensitive organizational data threatened all the time, this fear makes a lot of sense. Autonomous system providers need to establish an environment of trust with their users and IT team leaders. They need to help everyone involved understand the decisions being made and show a clear trail of everything done by the system, not only to promote trust but for both forensic and learning purposes. By doing this, they can overcome any fears and invoke a level of confidence in autonomous systems.

From sci-fi futuristic predictions to everyday reality, machine learning devices are here

The idea of autonomy can be frightening; from self-driving cars to movies signaling the rise of malicious robots, the entire concept can be alarming to some yet exhilarating to others. However, we have to overcome the fear of fully autonomous platforms.

No one can deny the innovation is here, even in our domestic environment, whether it is Nest’s smart thermostat that programs itself to fit its owner temperature preferences at any given time or the Moley Kitchen robot that can cook an entire dinner from scratch on demand. What used to be science fiction is now a reality. Machines can now learn on-the-go and make smart decisions faster and more accurately than people, making it easier to offload work from staff to machines in almost every industry.

With needs and requirements changing fast across all sectors, and specifically in cyber security where new threats are emerging every day, expect to see a rise in autonomous systems based on machine learning.

Copyright © 2018 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)