Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
3/1/2016
08:00 AM
Steve Grobman
Steve Grobman
Partner Perspectives
50%
50%

The Machines Are Coming! The Machines Are Coming!

A revolution in human-machine teaming for security operations is at hand.

Cybersecurity has two great resources that work well together -- experienced security ops personnel and learning machines. Machines can work at the speed of electrons and process enormous quantities of data, but they are challenged when dealing with unforeseen scenarios. Human judgment and experience cannot be replicated by machines, but humans struggle to find patterns in massive data sets and they operate in minutes, not microseconds. For us to be truly effective as an industry, we need to deliver solutions that combine human and machine working together to fend off cyberattacks that can multiply and adapt in microseconds.

We are facing a significant labor market shortage in cybersecurity, both in numbers and experience. At the same time, there are traditional fears about automation and machine intelligence. One is that people will be replaced by machines, and another is that the machines will create enormous messes by compounding poor decisions. In this case, we are talking about using the machines to amplify the effectiveness of security operations and incident-response teams. Technology is not replacing people, but in the spirit of the best teams, each is working to its strengths.

One example of this is computers and chess players. In 1997, an IBM supercomputer beat a human chess grandmaster for the first time. Chess has a large quantity of data and a lot of patterns, which plays well into the strengths of the machines. However, in 2005 a couple of amateur chess players augmented with three PCs beat a whole range of supercomputers and grandmasters. The human/machine team was better than either alone.

In cybersecurity, we are gathering vast amounts of data, and there is an assumption that with increased visibility, enough data, and the right algorithms we will be able to predict threats. However, cyberattacks are not deterministic, as they contain at the core a human who can be innovative or random in his approach, and visibility does not give you insight into your adversary. Algorithms and analytics on their own cannot comprehend the strategic nature of the adversarial game that is being played against the cybersecurity bad actors.

So technology will not be replacing security professionals anytime soon, but it does bring tremendous advantages to the defense. Shared threat intelligence helps prevents attacks from being used over and over again, or from propagating rapidly throughout your network. You need a learning machine to detect and contain attacks at the speed of light, while humans work to mitigate the problem and develop long-term solutions.

With the increasing number of targeted attacks that are executed only once, threat intelligence might not help. The same is true of zero-day exploits or new attack types. The machines won’t have rules to deal with this, but they can help filter the alerts and correlate actions to raise the alarm to their human colleagues sooner than a human acting alone.

The machine revolution is coming, but not the way Hollywood movies portray it. Machines are coming to be the best teammate you could ask for. 

Steve Grobman is the chief technology officer for Intel Security Group at Intel Corporation. In this role, Grobman sets the technical strategy and direction for the company's security business across hardware and software platforms, including McAfee and Intel's other security ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25596
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
CVE-2020-25597
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...
CVE-2020-25598
PUBLISHED: 2020-09-23
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar...
CVE-2020-25599
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory a...
CVE-2020-25600
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains...