The marriage of man and machine could be the solution to threat intelligence overload

There are moments when I am engrossed in an interview that feel very much like Groundhog Day for me. Regardless of the person with whom I am speaking in the cyber security industry, what I hear is very much the same. Threat intelligence overload, visibility, automation, machine learning, jobs gap.

Inevitably, the question that guides the work of most security practitioners is: how do we solve these problems? RiskSense CEO Dr. Srinivas Mukkamala said that implementing the OODA (Observe, Orient, Decide, Act) Loop concept in day-to-day cyber risk management operations can have a tremendous impact on cyber risk management in the enterprise.

Greg Martin, founder and CEO of JASK, however, said that artificial intelligence seems like the right technology to solve these problems.

Here is a little bit more information about each to help you decide what might be most helpful to consider when looking at the risks to your enterprise. Remember that not every strategy is right for every organization. There is no silver bullet in security; if there were, you wouldn’t be reading this blog because you’d already have all the answers. What I appreciate about both the OODA Loop and AI is that they are not market products but concepts that are very much in development now.

The OODA Loop concept, as explained by Mukkamala, relies on the four principles of observe, orient, decide and act in a slightly different way.

Mukkamala said, “Observe means getting complete awareness and full visibility of everything from the human element, application layer, end stack or human network interface to the system layer. The network element itself. The fundamental composition of computing stack.”

Having the tools that give you the holistic view of your entire environment is essential to being able to observe your entire environment, but what is most important is agility.

“Once you have a good understanding and good sensors/tools to give you the visibility into the computing stack, you need to be agile enough to adapt and orient to be sure you are getting the correct information that will assist and guide you to make decisions that will allow you to act in a faster and more effective way,” said Mukkamala.

The loop is continuous in nature in order to ensure the actions you have taken are correct, whether you are blocking, doing remediation, or making changes. Mukkamala said that rather than waiting to respond to an incident, “Let’s do it proactively.”

In theory, being proactive makes a whole lot of sense, but in reality, “There are not enough skilled human workers available to do this type of work. Even if we had enough people, at the rate that attacks are growing, we still wouldn’t have enough people. Humans are not a viable solution to this problem,” said Martin.

Maybe, then, the combination of proactively applying the OODA loop concept with AI might be the silver bullet everyone is hoping for?

Martin said, “AI by itself is not better than a human, but develop AI to do the work in a hybrid platform that includes the human,” and that marriage of man and machine might be the matrimony of the century.

To be clear, the AI approach is not happening right now, but the development of these tools is ongoing. The hope is that, “AI can be used to detect complicated behavioral threats like at-risk employees, malicious insiders, and credential reuse,” said Martin. Right now, having humans sift through billions of events could take a year’s work. “Leveraging AI you can do that better and more quickly,” said Martin.

The goal of both approaches is to optimize security by joining together the sophisticated intelligence of both man and machine with the hopes of seeing incredible benefits in terms of time and efficiency. Whether either strategy will actually prevent attacks remains to be seen.