Should the SOC Team Fear the Rise of Machines?

Machine learning isn’t a new concept.  Many industries, including security, have considered how it can be used to effect positive change.  At the same time, some have wondered if they might be replaced by a machine – which may not be positive for them.


In his recent TED Talk, “The jobs we’ll lose to machines – and the ones we won’t,” Anthony Goldbloom argues that machines are good at high volume, repeatable tasks, but not at novel duties that require judgment.

Recent research from organizations like AT&T suggests that most attackers are targeting businesses with forms of attack that we already know about.  Dare I say, high volume, repeatable attacks.

Many of these known attacks are good candidates for automation.  For example, most companies have well-defined processes for investigating and remediating malware alerts – enrich the indicator, quarantine the file, isolate the host, open a ticket – and a sequence like that is easily encoded in a playbook.

Does that mean SOC teams should fear machines?  While the AT&T research claims 90% of attacks in the last year are “known” (i.e. ripe for automation), that still leaves 1 in 10 that are unknown – or as Anthony might say, “novel.”  Considering the high volume of alert traffic at most companies, 10% of it is still a great deal of human work.

I’m reminded of a session on Security Automation that I attended at RSAC earlier this year.  The speaker noted that “automation is about reducing clerical work, so analysts can focus on events that require analysis.”  It’s not a machine vs. human scenario.  We need both.

The reality is that even the high volume, repeatable tasks that can be automated may still require some human interaction – for instance, a scripted remediation that runs on its own for a workstation but waits for an analyst’s approval before isolating a domain controller.  This is a concept we’ve referred to in past blog posts as “analyst in the loop” automation.
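To make the playbook idea from above and the “analyst in the loop” split concrete, here is an added example (written for this post; it is not code from the original article or from any product mentioned in it).  It triages a batch of constructed malware alerts: known families on ordinary hosts are remediated end to end, known families on critical assets or with low agent confidence are staged but held for approval, and hashes with no intel match are routed to an analyst as “novel.”  The hashes, hostnames, asset list and action names (`quarantine_file`, `isolate_host`, `request_approval`, …) are all placeholders; in a real deployment they would be calls into your EDR, ticketing and SOAR tooling.

```python
"""Analyst-in-the-loop malware-alert playbook (illustrative only)."""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed threat-intel and asset data for the example.  The hashes are
# placeholders ("a" * 64 etc.), not real malware indicators.
KNOWN_BAD_SHA256 = {
    "a" * 64: "Trojan.Generic.Commodity",
    "b" * 64: "Adware.Bundler",
}
# Hosts where automated isolation is too risky to run without a human sign-off.
CRITICAL_ASSETS = {"dc01", "fileserver02"}


@dataclass
class Alert:
    alert_id: str
    host: str
    sha256: str
    detection: str
    vendor_confidence: int  # 0-100, as reported by the endpoint agent


@dataclass
class Disposition:
    alert_id: str
    route: str                      # "auto", "approve" or "analyst"
    actions: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)


def enrich(alert: Alert) -> Dict[str, object]:
    """Clerical step: look the indicator and asset up in local context."""
    return {
        "known_bad": alert.sha256 in KNOWN_BAD_SHA256,
        "family": KNOWN_BAD_SHA256.get(alert.sha256),
        "critical_asset": alert.host in CRITICAL_ASSETS,
    }


def triage(alert: Alert, auto_threshold: int = 80) -> Disposition:
    """Decide how much of the remediation runs without a human."""
    ctx = enrich(alert)
    d = Disposition(alert.alert_id, route="analyst")

    if not ctx["known_bad"]:
        # No intel match: this is the "novel" case and needs human judgment.
        d.actions.append(f"collect_triage_package({alert.host})")
        d.notes.append("hash not in intel; queued for analyst review with enrichment attached")
        return d

    # Known family: the steps are scripted, but who pulls the trigger varies.
    quarantine = f"quarantine_file({alert.host}, {alert.sha256[:12]})"
    isolate = f"isolate_host({alert.host})"
    ticket = f"open_ticket({alert.alert_id}, family={ctx['family']})"

    if ctx["critical_asset"] or alert.vendor_confidence < auto_threshold:
        # Analyst in the loop: low-risk quarantine runs now, isolation waits for approval.
        d.route = "approve"
        d.actions.extend([quarantine, f"request_approval({isolate})", ticket])
        reason = "critical asset" if ctx["critical_asset"] else "low vendor confidence"
        d.notes.append(f"known family {ctx['family']} but {reason}; holding isolation for approval")
    else:
        d.route = "auto"
        d.actions.extend([quarantine, isolate, ticket])
        d.notes.append(f"known family {ctx['family']} on standard host; fully automated")
    return d


def run_playbook(alerts: List[Alert]) -> List[Disposition]:
    return [triage(a) for a in alerts]


def summarize(dispositions: List[Disposition]) -> Dict[str, int]:
    """How much of the batch the machine handled alone vs. handed to a person."""
    counts = {"auto": 0, "approve": 0, "analyst": 0}
    for d in dispositions:
        counts[d.route] += 1
    return counts


# Constructed sample batch: two routine hits, one on a domain controller,
# one low-confidence hit, and one hash nobody has seen before.
SAMPLE_ALERTS = [
    Alert("A-1", "ws-101", "a" * 64, "Trojan.Generic", 95),
    Alert("A-2", "dc01",   "a" * 64, "Trojan.Generic", 99),
    Alert("A-3", "ws-204", "b" * 64, "PUA.Bundler", 60),
    Alert("A-4", "ws-305", "c" * 64, "Heuristic.Suspicious", 90),
    Alert("A-5", "ws-410", "b" * 64, "PUA.Bundler", 85),
]

if __name__ == "__main__":
    for d in run_playbook(SAMPLE_ALERTS):
        print(d.alert_id, d.route, d.actions, d.notes)
    print(summarize(run_playbook(SAMPLE_ALERTS)))
```

The point of the `approve` route is the one the post makes: the machine still does the clerical work (enrichment, quarantine, ticket) for the domain-controller alert, but the consequential decision to isolate the host is left to an analyst.  Tuning `auto_threshold` and `CRITICAL_ASSETS` is how a team moves the line between the two.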

While automation can surely help us work faster and more consistently, machines are not likely to replace humans in the SOC any time soon.

