Stop Trying To Take Humans Out Of Security Operations
Humans are inherently distinct from other creatures or machines because of our ability to use:
- Communication — language capacity.
- Creativity — abstract thought.
- Critical thinking — reasoning and planning.
These aspects make cybersecurity an engaging challenge. Ultimately, cybersecurity is a fight between humans.
With sophisticated threats, attackers and defenders alike use their unique humanness — communication, creativity, and critical thinking — to find ways to achieve their goals. The most devastating attacks are those that are unexpected.
Despite this, we continue to see security vendors push forward with the idea of not just supporting but replacing human beings with AI and automation. Some highlights include “realtime [sic] autonomous protection” and “Fully-Automated Incident Detection, Investigation, and Remediation” — neither of which is accurate. Autonomous means “undertaken or carried on without outside control.”
That definition describes neither what these products do nor what will actually improve security operations.
Autonomous Doesn’t Mean Better
Despite the development of AI that can consistently beat human beings at StarCraft II (I’d like to see it try to beat Maynard in StarCraft Brood War), there’s still a large difference between true human consciousness and the artificial simulation we lean on so heavily in marketing.
We’ve seen AI misconstrue athletes as felons and cause investors to lose millions daily. The ultimate lesson here is that AI is only as good as the model on which it’s built. AI and automation lose to human beings because we’re unconstrained and do the unpredictable, which is exactly what attackers do in security.
The core capabilities of human beings are AI’s blind spots; “humanness” is simply not yet (and possibly never will be) replicable by artificial intelligence. We have yet to build an effective security tool that can operate without human intervention. The bottom line is this: Security tools cannot do what humans can do.
To Win, Augment
Instead of replacing humans in the security operations center, augment them so they can do what they’re good at. Security tools must support security teams in doing their jobs better, from the people side, the process side, and the technology side. AI and automation are key players in that support and shouldn’t be taken for granted, but they also can’t be the raison d’être of security.
By shifting the focus from the technology to the analyst, we can empower analysts to be true defenders, instead of turning them into glorified cyber mechanics. Technology should make people better, not replace them.
I’ll be tackling this topic in my upcoming research on security operations. Forrester clients, do you find ways to humanize security operations? If so, reach out. I want to hear from you.