Original Post from SC Magazine
Author: Doug Olenick
What’s in a Brain?
In my previous blog, I explored how we should approach automation using the Triune Model of the human brain. I broke down how many view our metaphorical brain in three key functional parts: the lizard, the dog, and the primate. I explained how each of those areas functions and how they mirror our digital business goals. Just in case you need a quick refresher:
The lizard section handles autonomic functions like heartbeat and respiration. Artificial intelligence (AI) and machine learning are similar to this portion, providing your business with automated, but rigid security measures.
The dog section is in charge of “feelings” which act like a form of currency for what we should remember. People like those in your SOC or other key security roles are like this portion, working alongside the automated processes to ensure effective and well-informed security decisions.
The primate section is responsible for the development of language, reasoning, and the ability to learn from mistakes. Business leaders are like this portion, processing the actions of the other two sections and using what they learn to improve overall performance.
This time, I’ll be looking at the role each of these parts plays when it comes to creating an effective, highly efficient, highly secure, and well-automated ecosystem.
The Role of the Lizard in 2019
As I write this in 2019, I still feel we need to treat even the most intelligent of computer AI as the lizard portion of the brain. Yes, it can deal with machine-scale problems, but we need to bring those machine-scale problems down to human scale, understanding they are of little use to technical and business leaders without proper context. Making sense of data is squarely in the domain of human understanding. At the end of the day, we want to make sure that the person behind the console understands why a security alert was triggered and to help them resolve that security issue.
I was careful to specify 2019 because machines will evolve over time and will figure out how to supplement the dog and likely even the primate sections of our model. But for now, I think it is safe to treat machine-based decision making and automation like the lizard portion of the brain and all its qualities (compulsive, obsessive, rigid, etc.). This simple realization allows you to use it more effectively and sidestep applying it in areas that could be ineffective or detrimental.
Criteria for Automation
So, when and where should you use AI and ML to improve your security? Let’s look at three key criteria for applying automation.
Automate actions that are deterministic in their outcomes and that are internal to the system.
When your automation is based on an observation, automate with precision nearly equal to or greater than that of the observation. Rarely can you generalize the action to take and not end up with collateral damage. For example, if you have a host at a branch that is misbehaving, automate the mitigation of that particular host and not the entire branch. Conversely, if you have evidence of an application misbehaving, taking action at the IP address level might adversely affect business-critical applications on that same IP address.
Automate what is routinely and frequently executed – or as much of it as can safely be
Let the machines act as the lizard part of the brain while you, the business owner, play the role of the dog and primate, knowing what is good or bad for the business and applying human reasoning to adapt to any necessary changes.
For all those machine-scale problems, automate them to bring them down to human scale so that you can appropriately orient yourself toward better decisions and actions.
We often think of automation as just being action-oriented, but I would argue that in this day and age, more automation is applied just to bring internet-scale data sets down to a human-scale dimension so that our mental models can make informed decisions. We want to automate those actions which are frequent, require the least latency, are deterministic in their outcome, and can adapt to environmental factors like threats.
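The precision and determinism criteria above can be enforced as a gate in front of automated response. The following is an added example, not code from the original post: the names Scope and decide, the "ip:port" notation, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

@dataclass(frozen=True)
class Scope:
    """Every address in `net`, on `port` (None means all ports/applications)."""
    net: Network
    port: Optional[int] = None

    @classmethod
    def parse(cls, text: str) -> "Scope":
        # Accepts "10.20.3.7", "10.20.3.0/24" or "10.20.3.7:8443" (IPv4 notation).
        addr, _, port = text.partition(":")
        return cls(ipaddress.ip_network(addr), int(port) if port else None)

    def within(self, other: "Scope") -> bool:
        """True if acting on self touches nothing outside `other`."""
        if not self.net.subnet_of(other.net):
            return False  # action reaches addresses that were never observed
        # A port-level observation only justifies a port-level action.
        return other.port is None or self.port == other.port

def decide(observed: str, action_target: str, deterministic: bool) -> str:
    """Automate only deterministic actions no broader than the observation."""
    if not deterministic:
        return "human_review"
    if Scope.parse(action_target).within(Scope.parse(observed)):
        return "automate"
    return "human_review"  # broader than the evidence: collateral damage risk

if __name__ == "__main__":
    # Constructed cases mirroring the host/branch and application/IP examples.
    cases = [
        ("10.20.3.7", "10.20.3.7", True),            # misbehaving host, isolate host
        ("10.20.3.7", "10.20.3.0/24", True),         # misbehaving host, isolate branch
        ("10.20.3.7:8443", "10.20.3.7", True),       # misbehaving app, block whole IP
        ("10.20.3.7:8443", "10.20.3.7:8443", True),  # misbehaving app, block that app
    ]
    for observed, target, det in cases:
        print(f"{observed:>16} -> {target:<16} {decide(observed, target, det)}")
```

Anything the gate does not automate goes to an analyst, which keeps the human roles the post describes in the loop.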
While AI and machine learning will certainly evolve with time, they’re not a one-size-fits-all solution for all your automation needs. Just as the lizard portion of the brain needs the dog and primate portions to function at full capacity, automation also requires the right amount of the human touch, both at the SOC level and C-Suite level, to truly be at its most effective. By using AI to bring machine-scale problems to human scale, the less stringent, more creative minds working alongside your automated processes can apply human reasoning and rationale for a more comprehensive, secure, and highly effective digital business ecosystem.
The post Evolve security automation like the human brain: Part 2 appeared first on SC Media.