Dark Reading is part of the Informa Tech Division of Informa PLC



10:30 AM
Scott Totman

A Tale of Two Buzzwords: 'Automated' and 'Autonomous' Solutions Aren't the Same Thing

Enterprises must learn the difference between the two and the appropriate use cases for each.

There are many buzzwords used to describe various technologies marketed as tools that will make our lives easier. For describing security solutions, two words that come up often are "automated" and "autonomous." These words sound similar but have very different meanings. Often, confusion about the differences between the two types of tools leads IT professionals to mistrust both concepts, and they avoid using them even in instances where they can provide great value.

Let's explore the differences between automated and autonomous technologies, why so many IT pros are wary of solutions that tout these capabilities, and what specific applications actually warrant their use.

Autonomous Solutions
An autonomous system learns and adapts to dynamic environments and makes decisions (or takes actions) based on ever-changing data. Such systems use machine learning (ML) and artificial intelligence (AI) to learn from data, and the more data they ingest, the better they learn. In certain applications, autonomous systems eventually will become more reliable than humans and will perform tasks at an efficiency level not humanly possible.

Automated Solutions
Automated systems run within a well-defined set of parameters that consistently execute the steps as defined. The decisions made or actions taken by an automated system are based on predefined rules, and the system will perform those decisions/actions perfectly every time, eliminating the possibility of human error.

Fear of Autonomous Systems
The biggest issue with autonomous systems is when they're deployed for the wrong purpose. For example, if you're building a system that’s highly predictable and performs the same function repeatedly, then an automated system provides value because it is simpler, easier to maintain, and requires fewer resources to continue working. Leveraging autonomous systems for these types of solutions may wind up being overly complex relative to the job being performed and introduce unnecessary risks, such as the systems learning incorrectly and performing the wrong action in the future. The possibility that an autonomous system will make the wrong call and implement a change in the company's IT environment on its own is terrifying.

For example, an autonomous system that checks for improperly configured storage instances, such as S3 buckets, may not have the proper insight into compensating controls and incorrectly quarantine or remove the instances. The downstream effects could involve applications that are no longer able to run, causing a widespread outage. This is not a flaw in the way the autonomous system runs per se but an error by the developer who created the system.

The possible repercussions (misconfigurations, data breaches, fines for falling out of compliance, numerous false positives resulting in service outages, etc.) are so great that many companies have decided not to implement autonomous or automated systems in any form because of the widely held misconception that autonomous and automated systems are synonymous.

Companies that write off autonomous and automated solutions entirely are missing out on significant benefits. When used in the right environment and for the proper tasks, these solutions greatly increase efficiency and eliminate human error.

When to Use Autonomous Systems
Autonomous solutions are best used when the full spectrum of possible scenarios is unknown, and therefore there are no predefined rules for how to respond to new situations. Self-driving cars are the go-to example of why autonomous solutions are necessary, because there are too many different variants for a rules-based approach.

In the world of cybersecurity, these solutions are important because hackers are constantly coming up with new attack methods. Suspicious activity that has never been seen before (and therefore no rules exist for it) could slip by an automated system, but this is what autonomous solutions are built to identify and respond to.

Specific examples of use cases for autonomous systems include:

● Detecting anomalous activity in very large, complex data streams (e.g., network intrusion detection)

● Identifying unknown threats (e.g., zero-day exploits)

When to Use Automated Systems
Automated systems are best used in highly predictable scenarios and tasks for which a best practice already exists. A company can easily leverage its own talented IT team to build a perfect process for performing certain tasks, and then implement automated tools that will perform those tasks precisely, every time. Automation is especially needed in cloud environments, where the rate of change in configurations is immense. In an hour, it's not uncommon for there to be a million changes in a company's cloud services.

Human IT teams know how to determine whether a change is harmless or if it needs to be corrected, but they can't keep up with the rate of change. An automated solution can take the knowledge of the IT teams and apply it instantaneously across the cloud environment and determine which of those million changes per hour are harmless, which require an easily automated remediation, and which are perhaps so far outside the normal expectations that they require a human to review and address.
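The three-way triage described above, combined with the compensating-control case from the earlier S3 bucket example, sketched as a fixed rule table. This is an added illustration, not code from the article or from any product; the event fields, the `compensating_control` tag and the rule names are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

HARMLESS, REMEDIATE, REVIEW = "harmless", "auto_remediate", "human_review"

@dataclass
class Change:
    resource: str
    kind: str                      # e.g. "s3_bucket", "security_group"
    attrs: dict
    tags: dict = field(default_factory=dict)

# Rules written by the IT team. First match wins, so order encodes priority.
RULES = [
    # A documented compensating control is context the tool cannot judge:
    # escalate to a person instead of quarantining the bucket.
    ("public_bucket_with_compensating_control",
     lambda c: c.kind == "s3_bucket" and c.attrs.get("public")
     and c.tags.get("compensating_control"), REVIEW),
    ("public_bucket",
     lambda c: c.kind == "s3_bucket" and c.attrs.get("public"), REMEDIATE),
    ("ssh_open_to_world",
     lambda c: c.kind == "security_group" and c.attrs.get("port") == 22
     and c.attrs.get("cidr") == "0.0.0.0/0", REMEDIATE),
    ("tag_update",
     lambda c: c.attrs.get("change") == "tag_update", HARMLESS),
]

def triage(change):
    """Return (verdict, rule_name) for one configuration change."""
    for name, predicate, verdict in RULES:
        if predicate(change):
            return verdict, name
    # Nothing predefined covers it: outside normal expectations, so a human decides.
    return REVIEW, "no_matching_rule"

def summarize(changes):
    """Count verdicts across a batch of changes."""
    return dict(Counter(triage(c)[0] for c in changes))

# Constructed sample events (not real data).
SAMPLE = [
    Change("logs-archive", "s3_bucket", {"public": False, "change": "tag_update"}),
    Change("marketing-assets", "s3_bucket", {"public": True}),
    Change("static-site", "s3_bucket", {"public": True},
           {"compensating_control": "cdn-origin-policy"}),
    Change("sg-bastion", "security_group", {"port": 22, "cidr": "0.0.0.0/0"}),
    Change("role-batch", "iam_role", {"change": "trust_policy_edit"}),
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(c.resource, *triage(c))
    print(summarize(SAMPLE))
```

Because every verdict comes from a named rule, each action can be traced back to a decision the team made, and anything unmatched defaults to review rather than to a change in the environment.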

Specific examples of use cases for automated systems include:

● Correlating data streams to provide actionable guidance (e.g., unified visibility)

● Implementing protections consistently, in real time, at any scale (e.g., policy-driven automation)

● Infrastructure and application-level compliance checks within a corporation's environment

It's important to remember that with automated solutions, companies maintain full control over their environments because their IT teams set the rules for how those solutions will perform certain tasks. With autonomous solutions, companies relinquish much of that control and trust that the AI/ML capabilities of that tool are learning from the constantly changing variables in their environments and making the best decision possible when faced with new scenarios.

While automated and autonomous solutions have distinct differences, and unwise deployments of each have sparked uncertainty around their use in IT, both types of systems can provide immense value if used appropriately. Additionally, both types of solutions will continue to advance and become more intelligent, and thus offer increased benefits to enterprises that are using automated and autonomous solutions in the proper settings.


Scott Totman brings more than two decades of experience in enterprise application development to DivvyCloud. As VP of engineering, he is responsible for the ongoing development and delivery of DivvyCloud's software. Prior to joining DivvyCloud, Totman was the vice ...