Dark Reading
Analytics
Commentary
7/13/2021 10:00 AM
Steve Durbin
The Trouble With Automated Cybersecurity Defenses

While there's enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword.

Speed and accuracy in identifying and responding to threats are the alluring promises of automated cybersecurity defenses. The average cost of a data breach is $3.86 million, with the average time to detect and contain pegged at 280 days, according to Ponemon Institute research. Any system that can reduce those figures is welcome, so it's no surprise that artificial intelligence (AI) and other automated defenses are seeing rapid and wide adoption.


While there's enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword. Cybercriminals and other threat actors can engage the same techniques or manipulate the automated systems businesses employ. Because these technologies are not mature or well understood by the average IT department, there's also scope for misconfiguration and disruptive clashes between overlapping systems.

Unrealistic Expectations
Hype accompanies every new cybersecurity trend. A wave of automated defense technology is being hailed as the answer to skills shortages and increasing levels of attack. Security orchestration, automation, and response (SOAR), extended detection and response (XDR), and user and entity behavior analytics (UEBA) are leading the charge. The trouble is that their capabilities are sometimes oversold, and the problems they introduce can outweigh the benefits.

The scope and complexity of most organizations make adoption challenging. To reap the rewards of an automated system requires proper planning and compatible infrastructure. There's also a dangerous temptation, especially after making a large investment, to push these new technologies to handle things they were not designed to handle.

While they may enable cost-cutting in the longer term, proper integration and management of automated systems can increase costs in the short term. Unrealistic expectations and complacency can lead to disaster.

Lack of Understanding
Automated cybersecurity is a competitive space. The SOAR market is growing fast and expected to reach $1.3 billion by 2026, up from $721 million this year, according to 360 Research Reports. The leaders are naturally determined to protect their intellectual property. Many machine learning systems also rely on a black-box model, so there is very little, if any, insight into these products' inner workings.

If the vendors don't understand why decisions are being made, how can their customers?

Placing this level of trust in an unproven autonomous system is very risky. To make matters worse, there's a knock-on effect in terms of diminishing skills throughout your workforce. As automated systems take over with the expectation they will plug the skills gap, there will be fewer hires and less incentive for training.

Poisoning Datasets
One of the biggest dangers of placing trust in an automated system is that it can be manipulated by threat actors. The organization under attack has no way of knowing if the system has been tampered with. It can be alarmingly easy to poison automated systems with tainted datasets. This could dangerously skew machine learning algorithms over time or cause innocent traffic to be flagged as anomalous in the short term. Attackers don't necessarily have to fool the system; they can just overload it, prompting shutdowns of services or networks that could leave everyone locked out.

Even without malicious actors at work, some automated defenses may clash with other tools and systems on your network. Take the analogy of an infection causing fever in the human body. The immune system is turning up the heat to try to kill the bacteria invading your body, but the fever can incapacitate or even kill you in extreme circumstances.

How to Approach Adoption
While there are risks, automated cybersecurity defenses also represent a real opportunity. But they must be handled carefully. Adoption should be fully planned, expectations should be set at a reasonable level, and the internal skills to properly configure and interpret the automated system should be in place.

It's crucial to assess the level of autonomy these systems have and limit their ability to shut down services without some human oversight. Build trust slowly. Closely examine the sources that automated defenses rely upon, and find a way to continuously monitor the data sets to guard against poisoning attempts.

Mitigate risk by drafting incident response plans that cover the different ways an automated system can fail. Rehearse these response plans and tweak them as necessary to ensure they are effective. It's also wise to implement strict testing and change management to curtail overreliance on any automated system.
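As an added illustration of two of the controls described above (bounding the system's autonomy so that service-disrupting actions need human approval, and continuously checking training data for poisoning or flooding before it is used), here is a small Python model. It is an example written for this page, not code from the article or from any SOAR, XDR or UEBA product it mentions; the autonomy policy, confidence threshold, divergence limit, volume ratio and the sample label batches are all constructed assumptions.

```python
"""Two guardrails for an automated defense, modelled in plain Python (constructed example):
1. an autonomy gate that lets the system act on low-impact responses on its own
   but queues service-disrupting ones for an analyst;
2. a poisoning check that holds back a new labelled training batch whose label
   mix or volume departs sharply from a trusted baseline window."""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple
import math

# Hypothetical autonomy policy: which response actions the system may execute
# on its own ("auto") and which require human approval ("approve").
AUTONOMY_POLICY = {
    "alert": "auto",
    "block_ip": "auto",
    "isolate_host": "approve",
    "shutdown_service": "approve",
}
MIN_CONFIDENCE = 0.90  # below this, even "auto" actions degrade to an alert


@dataclass(frozen=True)
class Decision:
    action: str     # action actually taken (may be downgraded to "alert")
    target: str
    executed: bool  # True if the system acted now, False if it only alerted or queued
    reason: str


def gate_action(action: str, target: str, confidence: float,
                approved_by: Optional[str] = None) -> Decision:
    """Apply the autonomy policy to one response proposed by the automated system."""
    mode = AUTONOMY_POLICY.get(action)
    if mode is None:
        return Decision("alert", target, False, f"unknown action {action!r}; alert only")
    if confidence < MIN_CONFIDENCE:
        return Decision("alert", target, False, f"confidence {confidence:.2f} below {MIN_CONFIDENCE}")
    if mode == "auto":
        return Decision(action, target, True, "within autonomy limits")
    if approved_by:
        return Decision(action, target, True, f"approved by {approved_by}")
    return Decision(action, target, False, "queued for human approval")


def js_divergence(p: Counter, q: Counter) -> float:
    """Jensen-Shannon divergence (log base 2, range 0..1) between two label count tables."""
    keys = set(p) | set(q)
    total_p, total_q = sum(p.values()), sum(q.values())
    P = {k: p.get(k, 0) / total_p for k in keys}
    Q = {k: q.get(k, 0) / total_q for k in keys}
    M = {k: (P[k] + Q[k]) / 2 for k in keys}

    def kl(a, b):
        return sum(a[k] * math.log2(a[k] / b[k]) for k in keys if a[k] > 0)

    return 0.5 * kl(P, M) + 0.5 * kl(Q, M)


def check_training_batch(baseline: List[str], batch: List[str],
                         max_divergence: float = 0.1,
                         max_volume_ratio: float = 5.0) -> Tuple[bool, List[str]]:
    """Return (accept, findings). `baseline` is the label list from a trusted window of
    the same duration as `batch`; a shifted label mix or a volume surge holds the batch."""
    if not baseline or not batch:
        return (False, ["empty window; nothing to compare"])
    findings = []
    d = js_divergence(Counter(baseline), Counter(batch))
    if d > max_divergence:
        findings.append(f"label distribution shifted from baseline (JSD={d:.3f})")
    if len(batch) > max_volume_ratio * len(baseline):
        findings.append(f"volume surge: {len(batch)} samples vs baseline {len(baseline)}")
    return (not findings, findings)


# Constructed sample data: a trusted window and three candidate batches.
BASELINE = ["benign"] * 900 + ["malicious"] * 100
CLEAN_BATCH = ["benign"] * 450 + ["malicious"] * 50
SKEWED_BATCH = ["benign"] * 500 + ["malicious"] * 500   # half the batch relabelled
FLOOD_BATCH = ["benign"] * 6000                          # overload with one class


if __name__ == "__main__":
    for name, b in [("clean", CLEAN_BATCH), ("skewed", SKEWED_BATCH), ("flood", FLOOD_BATCH)]:
        ok, why = check_training_batch(BASELINE, b)
        print(name, "accepted" if ok else "held", why)
    print(gate_action("block_ip", "203.0.113.7", 0.95))
    print(gate_action("shutdown_service", "payments-api", 0.99))
    print(gate_action("shutdown_service", "payments-api", 0.99, approved_by="analyst"))
```

The gate treats "shut the service down" as a decision the system may propose but not take, which is the oversight the text asks for; the batch check holds data rather than retraining on it, so a skewed or flooded window becomes an incident for the response plan instead of silently shifting the model.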

There's little doubt that automated cybersecurity defenses will have an increasingly important role to play, but we must resist the temptation to move too rapidly. Choose a considered strategy over blind trust and temper your expectations to get the most from this burgeoning technology.

Steve Durbin is CEO of the Information Security Forum, an independent, not-for-profit dedicated to investigating, clarifying and resolving key issues in information security and risk management. He is a frequent speaker on the Board's role in cybersecurity and ...