The buzz words swirling around IT security solutions have increasingly boiled down to “automated” solutions based on machine learning (ML) and artificial intelligence (AI). As a business owner facing increased IT costs to protect data and secure the network, we hear “automated” and immediately begin counting the savings. Everyone knows trained IT Security Engineers and Analysts are scarce and expensive. However, the complexity of maintaining security and managing the patchwork of appliances and applications meant to secure our environments require these resources. What is a business owner or IT director to do? Increasingly the slick sales pitches for new security tools are focusing on the “automation”. So, it’s 2019 and shouldn’t I be able to automate my cybersecurity program?
Human or Machine
Clearly, there is a place for Machine Learning and AI, however completely ignoring the vital role trained engineers and analysts play is assuming those technologies are well beyond where they really are in the industry. It is true that without some automation, the sheer volume of logs and alerts would quickly overwhelm the largest IT team you could assemble and make the job of IT security impossible to accomplish. However, in working with a range of products from SIEM (Security Information and Event Management) to vulnerability scanners to threat hunting tools, it is very clear that the capabilities to make good decisions based on the data aggregation still requires the application of trained human intelligence. There are still too many “false positives” and too many levels for a legitimate investigation to proceed on simply trying to program ML to accomplish those tasks. Did you know that cyber criminals have learned how to manipulate ML algorithms and even trick them?
There are many things computers do better than humans but making intuitive decisions based on an unusual situation is not one of them. Integrity IT believes you cannot completely automate your IT Security solution. There is no silver bullet application that you can trust to do the job of trained IT security professionals. The tasks and data these applications can do is critical to allow the human component to be as efficient as possible, however it requires a trained team to make your company secure from cyber threats and have the capability to respond to incidents in a timely and efficient manner.
Integrity IT maintains a team of highly skilled IT Security Engineers and Security Analysts that can help leverage our Managed Security Services to provide the tools and the skilled humans to be that team for you. Contact Integrity IT today for more information.