The benefits of augmenting human security teams

Simon Wilson, UK CTO of Aruba, explains how and why the future of cybersecurity will come to feature machine learning more and more


Today's security threats are evolving each day, with IT teams having to closely monitor everything from the data center to the edge, as well as the millions of connected devices which log in to their systems each year. The workplace is currently in flux – we can work from mobile devices in any location we choose as well as working with many different applications. When things change, security teams have to readjust policies and controls. Is it fair to expect them to chase after us, all day, every day to keep us safe?

CIOs can no longer ignore the high-profile attacks that continue to threaten organizational reputations around the world. It's no wonder that security is the top of the agenda in many boardrooms or that a new C, the CISO (chief information security officer), has joined the management team. Protecting the organization is obviously a huge priority.

But how is this actually achievable, unless we are able to anticipate the small, but significant, changes that are happening on the network day-to-day?

If we are asking human IT teams to constantly monitor the data being shared by incoming and existing devices, which can easily reach into the thousands for a large enterprise, then we are creating security systems that lack the ability to scale in line with the threats. Because human teams can get tired and make mistakes (they are human), the most common approach is to make blanket rules and restrictions across the network to serve as a catch-all against new inbound threats. The problem here is that very quickly the user experience suffers, which in turn can affect productivity, and even morale.

This is where machine learning (ML) comes to the aid of human security teams.

Augmenting, not replacing

With any luck, that last sentence will not have made your eyes roll. We should be moving past concerns about AI replacing human roles. The point about ML, in the context of security, is that it gives us an always-on, 24/7 tool that allows us to spot the type of threats and exploits that it would be difficult, or even impossible, to detect with human eyes.

The way many companies run IT security today leaves definite room for improvement. Either you are running it with such sensitive filters that it generates a mountain of false positives, meaning you can't see the wood for the trees. Or filters are turned down to a manageable level, leaving big gaps in your defences. Both scenarios, of course, risk genuine threats sneaking through.

With ML, there is an ability to detect minute changes in data that would likely slip through traditional defences. Using ML and user and entity behavioural analytics (UEBA), we are able to set a baseline for every single device connecting to the network, from the latest user mobile device to the air conditioning unit, connected as part of a new IoT initiative. Everything is quickly recognized, profiled and connected, giving each connected entity its own unique risk profile.

As soon as a device behaves in a way that strays outside of its recognized profile or baseline, the network sees it and takes action. This action could be to raise the risk, re-route the data for deeper analysis or immediately raise an alert, which compels human security teams into action. Assuming there is no wrongdoing, the user experience is not impacted, beyond perhaps being asked to confirm the activity was indeed them and all is OK.

In the case of a serious event, the device will be quarantined from the rest of the network, to limit any potential damage that might have occurred. All because the machine is analyzing millions of individual packets of data, all the time. It's a job that no human team can realistically do or would want to do.
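The per-device baseline and graded response described above can be sketched as follows. This is an added illustration, not Aruba's implementation: the single feature (outbound KB per hour), the median/MAD scoring, the thresholds, and the device names are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from statistics import median

WINDOW = 48        # observations remembered per device (assumed)
MIN_HISTORY = 12   # learn silently until this many observations exist
# Graded responses named in the article; the thresholds are assumptions.
LADDER = [(12.0, "quarantine"), (8.0, "alert"),
          (5.0, "deep_analysis"), (3.0, "raise_risk")]

class DeviceBaselines:
    """One rolling baseline per device for a single numeric feature."""

    def __init__(self):
        self.history = defaultdict(lambda: deque(maxlen=WINDOW))

    def score(self, device, value):
        """Robust z-score (median/MAD) against the device's own history."""
        hist = self.history[device]
        if len(hist) < MIN_HISTORY:
            return 0.0
        med = median(hist)
        mad = max(median(abs(x - med) for x in hist), 1.0)  # floor avoids /0
        return abs(value - med) / (1.4826 * mad)

    def observe(self, device, value):
        z = self.score(device, value)
        action = next((name for limit, name in LADDER if z >= limit), "allow")
        # Only in-profile behaviour updates the baseline, so an anomaly
        # cannot teach the model that it is normal.
        if action == "allow":
            self.history[device].append(value)
        return action, round(z, 1)

# Constructed sample: outbound KB per hour for two devices.
HVAC = [50, 52, 49, 51, 50, 48, 53, 50, 51, 49, 50, 52]
LAPTOP = [300, 420, 380, 150, 500, 350, 410, 290, 460, 330, 390, 370]

def demo():
    b = DeviceBaselines()
    for kb in HVAC:
        b.observe("hvac-01", kb)
    for kb in LAPTOP:
        b.observe("laptop-17", kb)
    return {
        "hvac_51": b.observe("hvac-01", 51),
        "hvac_55": b.observe("hvac-01", 55),
        "hvac_400": b.observe("hvac-01", 400),
        "laptop_400": b.observe("laptop-17", 400),
        "hvac_max_learned": max(b.history["hvac-01"]),
    }

if __name__ == "__main__":
    print(demo())
```

The same 400 KB reading quarantines the air conditioning unit but is in-profile for the laptop, which is the point of profiling each entity separately instead of applying one blanket threshold.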

With machine-led security continually learning, adjusting baselines and detecting new threat patterns, human teams are not usurped. They are enormously aided, by being alerted only to the issues that they really need to inspect. This automatic monitoring offers IT staff exceptional time savings, which actually means an improvement to their job role. Instead of fighting fires, security teams will be able to focus on building better IT experiences across their organization and saying yes to new innovations. Security teams may actually become a revenue driver for the business.

How security impacts the workplace

The tasks of human security workers may well change as the world of ML, building to full AI, begins to accelerate. But we should never fear change. Especially when the likely new roles carry even wider business relevance. The promise of ML is there, but it still needs highly skilled teams to build it into the core of the network, re-apply it to other business areas, and proactively monitor it for new insights.

We're faced by intelligent threats, targeting valuable user data, across a network that has more end points (and entry points) than can be counted. Isn't it about time we acknowledged that human IT staff need all the help they can get?
