Is cyber security entering the age of automation?

AI and machine learning are increasingly looking like the future of security.

Artificial Intelligence (AI), machine learning and automation are technology trends dominating discussions in many different industries at the moment and cyber security is no exception.

As cyber criminals become more advanced and the threat landscape continues to develop, businesses are looking to new technologies that can help secure their organisation in a more proactive way.

According to Dave Palmer, director of technology at Darktrace, this move to the so-called “age of automation” is an inevitable and much needed one: “When you think about networks getting faster and big data, it’s been just as useful for the bad guys as it has for the good guys, but machine learning changes that. This whole era of automation and machine learning is going to be about handing complex problems off to the machines to do some of that solving for us and bringing humans out.

“Not that the attackers won’t benefit in some ways from that, but on balance, overwhelmingly this is an area of science that is much more of benefit to defenders than attackers and that is really the first time we’ve seen that.”

What’s clear is that the traditional model of endpoint protection through the likes of antivirus software is no longer enough, as Palmer explained: “People are falling out of love with the idea that year on year generation of improved perimeter defenses is making a difference. Certainly year on year improvement of antivirus and stuff like that is just hardly relevant when you’ve got a smartphone and half the people have a smartwatch, or the IoT and shadow IT that they have in their businesses.”

The main problem with security at the moment, he said, is complexity. Bigger networks, mobile devices and multiple cloud services are making things infinitely harder for IT teams and, as hackers are typically able to innovate at greater speeds, businesses are falling behind.

“What defenders have been fighting against is their own complexity. Most businesses would struggle to even know what apps are running on all their different iPhones, let alone what the hell’s going on in their power station from the 1970s and we see that time and again. When you hear people complaining saying I’ve got too many logs or I don’t know how many people work here or I don’t know what my factories are made up of, time and again it’s not because of the attackers, it’s because our business complexity is huge and changing and constantly shifting.

“Most problems in cyber security have been complexity problems and that’s why these new sciences aren’t just going to be letting us have self driving cars, they’re going to really mainstream some progress in cyber security for all of us.”

Taking this approach can also help to solve the growing skills gap affecting the industry. Rather than simply hiring expensive security experts to sift through millions of logs, businesses can transfer the more monotonous monitoring tasks over to machines and free up time for employees to have more of a strategic impact.

At the moment, Palmer said, “we’re trying to throw more and more people at the problem because its complex but it’s not actually helping. I think handing stuff off to machines will really help. The more that people try to make it just an IT problem by hiring more IT people to do low level IT stuff, that’s not where it’s at. We’re going to have to move into this automated world, this machine-led world as a way of keeping up.”

By shifting the focus of security from “the thing of last resort running around cleaning stuff up,” to something that can have a positive influence, digital businesses might finally be able to start getting ahead of the bad guys.

Image source: Shutterstock/BeeBright