There are many buzzwords used to describe various technologies marketed as tools that will make our lives easier. For describing security solutions, two words that come up often are "automated" and "autonomous." These words sound similar but have very different meanings. Often, confusion about the differences between the two types of tools lead IT professionals to mistrust both concepts, and they avoid using them even in instances where they can provide great value.
Let's explore the differences between automated and autonomous technologies, why so many IT pros are wary of solutions that tout these capabilities, and what specific applications actually warrant their use.
An autonomous system learns and adapts to dynamic environments and makes decisions (or takes actions) based on ever-changing data. Such systems use machine learning (ML) and artificial intelligence (AI) to learn from data, and the more data they ingest, the better they learn. In certain applications, autonomous systems eventually will become more reliable than humans and will perform tasks at an efficiency level not humanly possible.
Automated systems run within a well-defined set of parameters that consistently execute the steps as defined. The decisions made or actions taken by an automated system are based on predefined rules, and the system will perform those decisions/actions perfectly every time, eliminating the possibility of human error.
Fear of Autonomous Systems
The biggest issue with autonomous systems is when they're deployed for the wrong purpose. For example, if you're building a system that’s highly predictable and performs the same function repeatedly, then an automated system provides value because it is simpler, easier to maintain, and requires fewer resources to continue working. Leveraging autonomous systems for these types of solutions may wind up being overly complex relative to the job being performed and introduces unnecessary risks, such as the systems learning incorrectly and performing the wrong action in the future. The possibility that an autonomous system will make the wrong call and implement a change in the company's IT environment on its own is terrifying.
For example, an autonomous system that checks for improperly configured storage instances, such as S3 buckets, may not have the proper insight into compensating controls and incorrectly quarantine or remove the instances. The downstream effects could involve applications that are no longer able to run, causing a widespread outage. This is not a flaw in the way the autonomous system runs per se but an error by the developer who created the system.
The possible repercussions (misconfigurations, data breaches, fines for falling out of compliance, numerous false positives resulting in service outages, etc.) are so great that many companies have decided not to implement autonomous or automated systems in any form because of the widely held misconception that autonomous and automated systems are synonymous.
Companies that write off autonomous and automated solutions entirely are missing out on significant benefits. When used in the right environment and for the proper tasks, these solutions greatly increase efficiency and eliminate human error.
When to Use Autonomous Systems
Autonomous solutions are best used when the full spectrum of possible scenarios is unknown, and therefore there are no predefined rules for how to respond to new situations. Self-driving cars are the go-to example of why autonomous solutions are necessary, because there are too many different variants for a rules-based approach.
In the world of cybersecurity, these solutions are important because hackers are constantly coming up with new attack methods. Suspicious activity that has never been seen before (and therefore no rules exist for it) could slip by an automated system, but this is what autonomous solutions are built to identify and respond to.
Specific examples of use cases for autonomous systems include:
● Detecting anomalous activity in very large, complex data streams (e.g., network intrusion detection)
● Identifying unknown threats (e.g., zero-day exploits)
When to Use Automated Systems
Automated systems are best used in highly predictable scenarios and tasks for which a best practice already exists. A company can easily leverage its own talented IT team to build a perfect process for performing certain tasks, and then implement automated tools that will perform those tasks precisely, every time. Automation is especially needed in cloud environments, where the rate of change in configurations is immense. In an hour, it's not uncommon for there to be a million changes in a company's cloud services.
Human IT teams know how to determine whether a change is harmless or if it needs to be corrected, but they can't keep up with the rate of change. An automated solution can take the knowledge of the IT teams and apply it instantaneously across the cloud environment and determine which of those million changes per hour are harmless, which require an easily automated remediation, and which are perhaps so far outside the normal expectations that they require a human to review and address.
Specific examples of use cases for automated systems include:
● Correlating data streams to provide actionable guidance (e.g., unified visibility)
● Implement protections consistently, in real time, at any scale (e.g., policy-driven automation)
● Infrastructure and application-level compliance checks within a corporation's environment
It's important to remember that with automated solutions, companies maintain full control over their environments because their IT teams set the rules for how those solutions will perform certain tasks. With autonomous solutions, companies relinquish much of that control and trust that the AI/ML capabilities of that tool are learning from the constantly changing variables in their environments and making the best decision possible when faced with new scenarios.
While automated and autonomous solutions have distinct differences, and unwise deployments of each have sparked uncertainty around their use in IT, both types of systems can provide immense value if used appropriately. Additionally, both types of solutions will continue to advance and become more intelligent, and thus offer increased benefits to enterprises that are using automated and autonomous solutions in the proper settings.
- The State of IT Operations and Cybersecurity Operations
- 10 Low-Cost (or Free!) Ways to Boost Your Security AI Skills
- Unsecured IoT: 8 Ways Hackers Exploit Firmware Vulnerabilities
- Cryptography & the Hype Over Quantum Computing
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "'It Takes Restraint': A Seasoned CISO's Sage Advice for New CISOs."