Application Security

02:00 PM
Greg Jensen

Autonomous IT: Less Reacting, More Securing

Keeping data secure requires a range of skills and perfect execution. AI makes that possible.

Artificial intelligence (AI) is a game changer in fighting cybercrime and defending data, and it can be decisive in turning the tide against hackers, thieves, and saboteurs of critical data. While IT systems use many automatic processes, they largely operate without any real awareness of the IT environment around them. However, 2020 will be the year when more companies reap the benefits of AI-powered autonomous systems.

On the tech side, this is partly because cloud computing has driven availability of affordable and reliable computing, storage, and networking, which makes applying AI affordable. That technological firepower, along with the emergence of massive datasets to feed models, now makes AI a realistic option for applications including self-driving cars, factory gear, retail recommendation engines, truly helpful business chatbots, and the like.

People see these AI applications maturing at work, and that success stokes confidence that AI can solve real problems, driving still more demand. Autonomous IT is like the aforementioned self-driving car — not just spotting the pothole in the road, but changing lanes to avoid it. Unlike first-generation AI systems, which spot problems, second-generation autonomous systems act on the patterns they see. A Gen 1 AI might evaluate network traffic patterns to spot unpatched systems, but it still requires a human administrator to step in and schedule a patch. Gen 2 autonomous AI will not only spot the unpatched system but also take proactive action to apply an update, only informing an administrator after the problem is solved.

There are four areas where the rise of autonomous systems will soon have the most impact:

  • Scaling security: Autonomous systems will help people deploy and maintain IT environments at large scale. With the number of Internet-connected devices expected to jump from 8 billion in 2019 to 41 billion in the next eight years, security at scale will be a central challenge for future security specialists. Autonomy helps by making such work not only faster but also more consistent and better aligned to organizational information security policies and priorities.

  • Shrinking the talent gap: With global cybersecurity workforce shortages projected to reach 3.5 million people by 2021, freeing up cybersecurity talent for more important tasks is essential for improving security. As autonomous IT takes a bigger role in patching, configuring, and managing the complex hardware and software that underlies most systems, IT professionals will be able to focus on more strategic efforts. Even better, as autonomous systems work consistently and tirelessly, they can help prevent many of the human errors that threat actors can exploit.

  • Less reacting, more securing: Depending on what industry you're looking at, the average time it takes to remediate a breach once it's been detected is between 112 days and 447 days — or 3 to 14 months of potentially critical exposure. As autonomous systems handle more of the nitty-gritty collection and analysis of network traffic and data, people will be freed from combing network logs to do high-level, complex system analytics. With more time to do analysis, and more context around the data they are analyzing, security specialists will be able to spot and address more sophisticated threats while shortening the response timeline.

  • Making insiders less threatening: Corporate insiders who misuse their access to steal or manipulate data represent one of the most persistent, and difficult, cybersecurity problems. This kind of attack usually uses root access to a system that was granted to support basic IT administration and management. As autonomous systems perform more of this work, and people focus more on broad-based system analytics, fewer people will need such direct access, reducing the opportunities for abuse.

Facing the Cyber Dangers Ahead
Keeping data secure requires a range of skills and perfect execution. Given the complexity and volume of threats facing IT systems, human defenders need insights into the changing threat landscape. With that knowledge and preparation, combined with sophisticated AI and machine learning technologies, organizations will be best able to contend with expanding and accelerating threats.

Greg Jensen is a Director of Security Strategy at Oracle Corporation addressing the risk and challenges to the hybrid-cloud. He is also the Senior Editor of the Oracle and KPMG Cloud Threat Report and Oracle CISO Report with a key focus on developing cloud security ...

User Rank: Author
7/29/2020 | 3:12:27 PM
Deciphering Quality
The most difficult part of investing in AI is the sheer number of products out there. Not only do people still feel there's a "Terminator" quality to AI (not true), the algorithms underlying it are often proprietary, which makes purposeful purchasing decisions difficult.