Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:30 AM
Scott Totman
Scott Totman
Connect Directly
E-Mail vvv

A Tale of Two Buzzwords: 'Automated' and 'Autonomous' Solutions Aren't the Same Thing

Enterprises must learn the difference between the two and the appropriate use cases for each.

There are many buzzwords used to describe various technologies marketed as tools that will make our lives easier. For describing security solutions, two words that come up often are "automated" and "autonomous." These words sound similar but have very different meanings. Often, confusion about the differences between the two types of tools lead IT professionals to mistrust both concepts, and they avoid using them even in instances where they can provide great value.

Let's explore the differences between automated and autonomous technologies, why so many IT pros are wary of solutions that tout these capabilities, and what specific applications actually warrant their use.

Autonomous Solutions
An autonomous system learns and adapts to dynamic environments and makes decisions (or takes actions) based on ever-changing data. Such systems use machine learning (ML) and artificial intelligence (AI) to learn from data, and the more data they ingest, the better they learn. In certain applications, autonomous systems eventually will become more reliable than humans and will perform tasks at an efficiency level not humanly possible.

Automated Solutions
Automated systems run within a well-defined set of parameters that consistently execute the steps as defined. The decisions made or actions taken by an automated system are based on predefined rules, and the system will perform those decisions/actions perfectly every time, eliminating the possibility of human error.

Fear of Autonomous Systems
The biggest issue with autonomous systems is when they're deployed for the wrong purpose. For example, if you're building a system that’s highly predictable and performs the same function repeatedly, then an automated system provides value because it is simpler, easier to maintain, and requires fewer resources to continue working. Leveraging autonomous systems for these types of solutions may wind up being overly complex relative to the job being performed and introduces unnecessary risks, such as the systems learning incorrectly and performing the wrong action in the future. The possibility that an autonomous system will make the wrong call and implement a change in the company's IT environment on its own is terrifying.

For example, an autonomous system that checks for improperly configured storage instances, such as S3 buckets, may not have the proper insight into compensating controls and incorrectly quarantine or remove the instances. The downstream effects could involve applications that are no longer able to run, causing a widespread outage. This is not a flaw in the way the autonomous system runs per se but an error by the developer who created the system.

The possible repercussions (misconfigurations, data breaches, fines for falling out of compliance, numerous false positives resulting in service outages, etc.) are so great that many companies have decided not to implement autonomous or automated systems in any form because of the widely held misconception that autonomous and automated systems are synonymous.

Companies that write off autonomous and automated solutions entirely are missing out on significant benefits. When used in the right environment and for the proper tasks, these solutions greatly increase efficiency and eliminate human error.

When to Use Autonomous Systems
Autonomous solutions are best used when the full spectrum of possible scenarios is unknown, and therefore there are no predefined rules for how to respond to new situations. Self-driving cars are the go-to example of why autonomous solutions are necessary, because there are too many different variants for a rules-based approach.

In the world of cybersecurity, these solutions are important because hackers are constantly coming up with new attack methods. Suspicious activity that has never been seen before (and therefore no rules exist for it) could slip by an automated system, but this is what autonomous solutions are built to identify and respond to.

Specific examples of use cases for autonomous systems include:

● Detecting anomalous activity in very large, complex data streams (e.g., network intrusion detection)

● Identifying unknown threats (e.g., zero-day exploits)

When to Use Automated Systems
Automated systems are best used in highly predictable scenarios and tasks for which a best practice already exists. A company can easily leverage its own talented IT team to build a perfect process for performing certain tasks, and then implement automated tools that will perform those tasks precisely, every time. Automation is especially needed in cloud environments, where the rate of change in configurations is immense. In an hour, it's not uncommon for there to be a million changes in a company's cloud services.

Human IT teams know how to determine whether a change is harmless or if it needs to be corrected, but they can't keep up with the rate of change. An automated solution can take the knowledge of the IT teams and apply it instantaneously across the cloud environment and determine which of those million changes per hour are harmless, which require an easily automated remediation, and which are perhaps so far outside the normal expectations that they require a human to review and address.

Specific examples of use cases for automated systems include:

● Correlating data streams to provide actionable guidance (e.g., unified visibility)

● Implement protections consistently, in real time, at any scale (e.g., policy-driven automation)

● Infrastructure and application-level compliance checks within a corporation's environment

It's important to remember that with automated solutions, companies maintain full control over their environments because their IT teams set the rules for how those solutions will perform certain tasks. With autonomous solutions, companies relinquish much of that control and trust that the AI/ML capabilities of that tool are learning from the constantly changing variables in their environments and making the best decision possible when faced with new scenarios.

While automated and autonomous solutions have distinct differences, and unwise deployments of each have sparked uncertainty around their use in IT, both types of systems can provide immense value if used appropriately. Additionally, both types of solutions will continue to advance and become more intelligent, and thus offer increased benefits to enterprises that are using automated and autonomous solutions in the proper settings.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "'It Takes Restraint': A Seasoned CISO's Sage Advice for New CISOs."

Scott Totman brings more than two decades of experience in enterprise application development to DivvyCloud.  As VP of engineering, he is responsible for the ongoing development and delivery of DivvyCloud's software. Prior to joining DivvyCloud, Totman was the vice ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-11-17
KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring.
PUBLISHED: 2019-11-17
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by th...
PUBLISHED: 2019-11-17
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or ...
PUBLISHED: 2019-11-17
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git r...
PUBLISHED: 2019-11-17
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.