TED Talks have been the inspiration for several posts. There is likely a correlation between the time spent on airplanes and TED Talk references on the blog.
In his talk titled “How AI can bring on a second Industrial Revolution,” Kevin Kelly introduces several concepts germane to security automation.
One claim Kevin made that really caught my attention is that your earning potential in the future will depend on how well you work with machines, not against them.
There is much discussion lately on AI (Artificial Intelligence) and how machines might replace humans (we’ve covered the topic on this blog as well), though Kevin’s balanced view is a more realistic interpretation of the future.
While automation aims to “take the human out of routine tasks,” there will always be non-routine work that requires judgement beyond the capabilities of a machine. To Kevin’s point, many security use cases similarly require a partnership between man and machine. For example, automation playbooks with remediation actions like blocking an IP address may require a human analyst’s approval to execute. This is a concept we’ve described as having an analyst “in, on, or out of the loop” in previous posts.
When choosing a Security Automation & Orchestration platform, it’s important to consider how humans can be included in automation workflows on a per-asset basis (e.g. a specific security tool or technology) or on a per-action basis (e.g. block IP or quarantine host). Supervised and dialable automation allows users to gain confidence in the platform and reduce or increase their supervision over time based on their experience.
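As an added example (not code from the original post or from any SA&O product), the per-action and per-asset supervision described above can be modelled as a small policy check. The meanings given to the three modes, the "strictest setting wins" rule, and names such as `SupervisionPolicy`, `perimeter_firewall` and `analyst1` are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Supervision(IntEnum):
    """Assumed meanings of the three modes; a higher value means more human control."""
    OUT_OF_LOOP = 0   # action runs with no analyst involvement
    ON_THE_LOOP = 1   # action runs, analyst is notified and can review it
    IN_THE_LOOP = 2   # action waits until an analyst approves it

@dataclass
class SupervisionPolicy:
    default: Supervision = Supervision.IN_THE_LOOP   # unknown actions need approval
    per_action: dict = field(default_factory=dict)   # e.g. "block_ip"
    per_asset: dict = field(default_factory=dict)    # e.g. "perimeter_firewall"

    def mode_for(self, action: str, asset: str) -> Supervision:
        """Assumed rule: the stricter of the per-action and per-asset settings wins."""
        configured = [m for m in (self.per_action.get(action),
                                  self.per_asset.get(asset)) if m is not None]
        return max(configured) if configured else self.default

    def dial(self, action: str, mode: Supervision) -> None:
        """Raise or lower supervision of one action as confidence changes."""
        self.per_action[action] = mode

def run_step(policy, action, asset, approved_by=None):
    """Decide one playbook step; returns (status, audit_record)."""
    mode = policy.mode_for(action, asset)
    record = {"action": action, "asset": asset, "mode": mode.name,
              "approved_by": approved_by}
    if mode is Supervision.IN_THE_LOOP and approved_by is None:
        return "pending_approval", record      # hold until an analyst signs off
    if mode is Supervision.ON_THE_LOOP:
        record["notify_analyst"] = True        # run, but keep the analyst informed
    return "executed", record

def demo():
    # Constructed sample policy and analyst name, for illustration only.
    policy = SupervisionPolicy(
        per_action={"block_ip": Supervision.IN_THE_LOOP,
                    "enrich_ip": Supervision.OUT_OF_LOOP},
        per_asset={"perimeter_firewall": Supervision.ON_THE_LOOP},
    )
    results = [run_step(policy, "block_ip", "perimeter_firewall")[0]]
    results.append(run_step(policy, "block_ip", "perimeter_firewall", "analyst1")[0])
    policy.dial("block_ip", Supervision.ON_THE_LOOP)  # confidence gained over time
    results.append(run_step(policy, "block_ip", "perimeter_firewall")[0])
    return results
```

Defaulting unknown actions to `IN_THE_LOOP` means a newly added remediation step cannot run unsupervised until someone explicitly dials it down.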
A second topic Kevin covered was how AI is already “cognifying the world.” Airline pilots are given as an example: human pilots often fly the plane for roughly 7 – 8 minutes per flight, with AI systems shouldering most of the responsibility.
We often describe Security Automation & Orchestration (SA&O) as a cognitive system that can offer guidance to an analyst. We sometimes use the analogy of the SA&O platform acting as a machine-based Tier-4 SOC (Security Operations Center) engineer. A human-based Tier-4 SOC engineer is still required, however, and is responsible for training and codifying the standard operating procedures (SOPs) within the SOC. The machine-based Tier-4 SOC engineer works in conjunction with a human analyst (ranging from Tier-1 to Tier-4) to scale his or her knowledge and efforts. Incorporating a cognitive approach to SA&O allows the platform to educate and guide the analyst on what to do next in a particular security use case.
VP, Products & Marketing