Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
3/1/2016
08:00 AM
Steve Grobman
Steve Grobman
Partner Perspectives
50%
50%

The Machines Are Coming! The Machines Are Coming!

A revolution in human-machine teaming for security operations is at hand.

Cybersecurity has two great resources that work well together -- experienced security ops personnel and learning machines. Machines can work at the speed of electrons and process enormous quantities of data, but they are challenged when dealing with unforeseen scenarios. Human judgment and experience cannot be replicated by machines, but humans struggle to find patterns in massive data sets and they operate in minutes, not microseconds. For us to be truly effective as an industry, we need to deliver solutions that combine human and machine working together to fend off cyberattacks that can multiply and adapt in microseconds.

We are facing a significant labor market shortage in cybersecurity, both in numbers and experience. At the same time, there are traditional fears about automation and machine intelligence. One is that people will be replaced by machines, and another is that the machines will create enormous messes by compounding poor decisions. In this case, we are talking about using the machines to amplify the effectiveness of security operations and incident-response teams. Technology is not replacing people, but in the spirit of the best teams, each is working to its strengths.

One example of this is computers and chess players. In 1997, an IBM supercomputer beat a human chess grandmaster for the first time. Chess has a large quantity of data and a lot of patterns, which plays well into the strengths of the machines. However, in 2005 a couple of amateur chess players augmented with three PCs beat a whole range of supercomputers and grandmasters. The human/machine team was better than either alone.

In cybersecurity, we are gathering vast amounts of data, and there is an assumption that with increased visibility, enough data, and the right algorithms we will be able to predict threats. However, cyberattacks are not deterministic, as they contain at the core a human who can be innovative or random in his approach, and visibility does not give you insight into your adversary. Algorithms and analytics on their own cannot comprehend the strategic nature of the adversarial game that is being played against the cybersecurity bad actors.

So technology will not be replacing security professionals anytime soon, but it does bring tremendous advantages to the defense. Shared threat intelligence helps prevents attacks from being used over and over again, or from propagating rapidly throughout your network. You need a learning machine to detect and contain attacks at the speed of light, while humans work to mitigate the problem and develop long-term solutions.

With the increasing number of targeted attacks that are executed only once, threat intelligence might not help. The same is true of zero-day exploits or new attack types. The machines won’t have rules to deal with this, but they can help filter the alerts and correlate actions to raise the alarm to their human colleagues sooner than a human acting alone.

The machine revolution is coming, but not the way Hollywood movies portray it. Machines are coming to be the best teammate you could ask for. 

Steve Grobman is the chief technology officer for Intel Security Group at Intel Corporation. In this role, Grobman sets the technical strategy and direction for the company's security business across hardware and software platforms, including McAfee and Intel's other security ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16632
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
CVE-2021-32073
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.