Theres a lot of noise around autonomous security. For years, analysts and security operations teams have been promised a utopia where they leave monotonous tasks behind, and yet the burnout rate for these professions continues to be high. Clearly there is much work to be done, but it helps to understand where we are today and theres no better place to look than the automobile industry.
The auto industry may not always be considered the most innovative, but its put a lot of thought into what it means to create self-driving cars. This includes a standardized framework that provides a good roadmap to whats ahead for cybersecurity.
Lessons from the Road
Automobiles are more fuel-efficient, fancier and safer than they have ever been. But one thing has arguably gotten worse: the driver. An analysis by the National Highway Traffic Safety Administrations (NHTSA) shows that human error is responsible for 94% of serious automobile crashes.
To improve safety and driver experience automakers are introducing innovations such as rain sensing wipers, automated headlights and blind-spot detection systems that allow drivers to focus more of their attention on the road. But thats not always the result.
Cruise control, for instance, was designed to eliminate the cumbersome act of keeping your foot on the accelerator. The problem is, it reduces cognition in other areas. Putting your foot on the accelerator forces you to pay more attention; without it, going too fast into a curve is just one of the many potential consequences. Now, adaptive cruise control (ACC) is becoming standard because it solves some of the challenges in Cruise Control 1.0.
This is a great example of something that evolved from being automated to being autonomous. In fact, the Society of Automotive Engineers (SAE) developed a standard for describing the level of automation in cars thats been adopted by the U.S. Department of Transportation and the United Nations. On this scale, traditional cruise control is a Level 0 and ACC a Level 1. Teslas Autopilot or Cadillac Super Cruise are considered Level 2.
If this standard was adapted to cybersecurity, heres what it might look like:
The Self-Driving Security Journey Has Just Begun
In cybersecurity, one basic form of automation considered to be standard today is the correlation performed by SIEMs and network security tools. For example, collating all the alerts associated with an IP address together onto one screen or identifying an attack campaign by grouping alerts that share a source or a destination. Some tools are smarter and use additional sources of context such as active directory (AD) or threat intelligence, or filter out the known good. But much like cruise control, there are a lot of unintended consequences that manifest in the security world primarily through false positives and negatives. For instance, as devices become more mobile, they tend to roam inside and outside of corporate networks. With a new IP address at each location, the same device could have several addresses over a short period. The average IP address could have several devices associated with it too, making any analysis based on an IP address flawed from the get-go.
If cruise control is considered Level 0 on SAEs scale of automation, its safe to say IP correlation would be the same on the security scale. Looking more broadly at cybersecurity automation, most of the industry is probably only at a Level 1.
The Security Orchestration, Automation and Response (SOAR) category could have the best claim to Level 2 Partial Automation. These technologies automate several low impact response and remediation tasks like creating support tickets for the IT helpdesk, automatically correlating between multiple security tools, or grabbing evidence into an incident data store.
Getting to Level 4 and 5 will require the entire cybersecurity industry to substantially raise its game. For now, the focus should be on getting to Level 3 Conditional Automation.
To bring back the automobile analogy, Tesla Autopilot understands the vehicle (speed, travel lanes, braking, acceleration, etc.) in the context of other vehicles sharing the road and surfaces data the driver needs to make a decision.
We need similar levels of automation to bring cybersecurity to Level 3, and based on what weve learned from cars, there are three basic requirements to get there. We need to reduce the cognitive load on humans so security teams can focus on whats important, eliminate stressors like monotonous tasks, and focus on user experience in a way that documents decision paths so humans can dig deeper if and when they want to.
Human analysts continue to play a significant role in the security operations process and likely will for years to come. With that said, human skills can be elevated to a higher level by eliminating both the tribal knowledge and the rigor needed to surface the information they need to make optimal security decisions. That is what will put organizations firmly on the path towards autonomous security.
See more here:
- Plastic waste-to-energy tech is being unrolled in Hungary and Greece - Power Technology - May 11th, 2021
- Powerhouse's waste-to-hydrogen technology to roll out in Greece and Hungary - H2 View - May 11th, 2021
- China's Tianwen-1 mission getting set to try and land Zhurong rover on Mars - ABC News - May 11th, 2021
- Letter: 'Origins of wokeness/critical race theory (CRT)' - Brown County Democrat - May 11th, 2021
- Where is Everybody? Are Big Incentives the Only Way to Attract Good Workers Post-Covid? - CEOWORLD magazine - May 11th, 2021
- HBO Max & Utopia Pick Up Sundance Coming-Of-Age Horror Were All Going To The Worlds Fair - Deadline - May 9th, 2021
- Farewell the utopian city. To cope with climate change we must learn from how nature adapts - The Conversation AU - May 9th, 2021
- A critique: Where Marx (1818-1883) was right and why he was wrong on the demise of capitalism - National Herald - May 9th, 2021
- Autonomous Vehicles Aren't the FuturePublic Transportation Is - The New Republic - May 9th, 2021
- Coldplay Says There 'Won't Not Be' A New Album On The Way - UPROXX - May 9th, 2021
- League of Legends Arcane, Riots new animated show, coming to Netflix - Polygon - May 9th, 2021
- Miranda Lamberts The Marfa Tapes tops this weeks new releases - cleveland.com - May 9th, 2021
- Frieze New York is kicking off: heres what not to miss - Wallpaper* - May 9th, 2021
- Masks on, or hands off the library - Bonner County Daily Bee - May 9th, 2021
- Bath Mats Market to Enjoy 'Explosive Growth' by 2025 The Shotcaller - The Shotcaller - May 9th, 2021
- Broadway re-opening dates: Here's the latest updates on shows' returns - Asbury Park Press - May 9th, 2021
- COLUMN: Politics and markets - St. Albert Today - May 9th, 2021
- Down to earth: how escaping to the country isnt always what it seems - The Guardian - May 9th, 2021
- The pro-life movement has much to celebrate this Mother's Day - Washington Examiner - May 9th, 2021
- Malaysia in dystopia while seeking the Utopian dream - Free Malaysia Today - May 9th, 2021
- Van Herk: Is defiance of authority embedded in the DNA of Albertans? - Calgary Herald - May 9th, 2021
- Features | In Conversation | Modular Therapy: Daniel Miller And Steve Davis In Conversation - The Quietus - May 9th, 2021
- Silver coins unearthed in New England may be loot from one of the 'greatest crimes in history' - Livescience.com - April 25th, 2021
- Revolutionaries and their shadowy networks come alive in Tim Harpers new book - The Indian Express - April 25th, 2021
- A New Front in the Fight for Reproductive Rights - Global Press Journal - April 25th, 2021
- China invokes mythic god of war and fire for its Mars rover name - New York Post - April 25th, 2021
- Before the Oscars On Sunday Check Out This Top 10 List - KPBS - April 25th, 2021
- Where Every Coupling Depends on Lies, and Men Are Aliens - The New York Times - April 21st, 2021
- Sun Ra's Chicago: Afrofuturism And The City - Jazz Journal - April 21st, 2021
- Offspring's first new album in nine years, 5 Things to Know - The Oakland Press - April 21st, 2021
- Broadway Baby: Michael Kors on 50 Years of Opening Nights, Diva Crushes and a Dream Revival - WWD - April 21st, 2021
- '60 Songs That Explain the '90s': How Bjrk Became a Genre Unto Herself - The Ringer - April 21st, 2021
- TODAY in SUPES: Cautious Optimism on Local COVID Conditions, Plus the Latest Measure Z Awards and a Bracing Dose of Pension Funding Policy Talk - Lost... - April 21st, 2021
- A New Try With UBI: As Wrongheaded As Before - Forbes - April 21st, 2021
- Brexit uncertainty and inconsistency means UK-EU food trade is still in limbo - The Grocer - April 21st, 2021
- 17.04.2129.05.21, Cape Town | Art of Everyday Things - ZAM - ZAM Magazine - April 21st, 2021
- Local events planned in honor of Earth Day - goskagit.com - April 21st, 2021
- Qurans verses need to be reviewed. But by Islamic scholars, not Supreme Court of India - ThePrint - April 21st, 2021
- San Franciscans still live in 1906 earthquake shacks. Here's why they matter more than ever - San Francisco Chronicle - April 21st, 2021
- From dystopia to utopia: How UK co-working spaces are redefining the new normal - UKTN (UK Technology News - April 15th, 2021
- Artist Danny Cole on Dreams of A Utopia of Creatures and Vandalism - Observer - April 15th, 2021
- New England has one of the most epic national park bike rides in America, according to Bicycling magazine - Boston.com - April 15th, 2021
- Offspring guitarist Noodles explains why the bands new album took 9 years to finish - San Bernardino County Sun - April 15th, 2021
- Gagarin's March: 60th Anniversary of the First Human in Space - National Air and Space Museum - April 15th, 2021
- Roxy Ball Room Merrion Street set to reveal supersize gaming utopia | TheBusinessDesk.com - The Business Desk - April 15th, 2021
- Yugoslav architect Svetlana Kana Radevi is saluted at the Venice Architecture Biennale - The Architect's Newspaper - April 15th, 2021
- As a Cultural War Continues to Cause Waves in France, Art Has Become a Lighthouse for Progressive Views - artnet News - April 15th, 2021
- The Sonic Extremes of the MaerzMusik Festival - The New Yorker - April 15th, 2021
- Top 10 Female Life Coaches That Will Impact Your Life in 2021 - GlobeNewswire - April 15th, 2021
- When the newest big name addition to Nuneaton's Ropewalk Shopping Centre will open - Coventry Live - April 15th, 2021
- How to get on board Nottingham's Grub Run - fitness with a tasty reward - Nottinghamshire Live - April 15th, 2021
- Letters to the editor April 15 - Daily Inter Lake - April 15th, 2021
- Systems control: Introducing a new way of thinking about the climate crisis - The Spinoff - April 15th, 2021
- Belfast is ready to bounce back | Insight - Property Week - April 15th, 2021
- Is the Music Over at Mills College? - The New York Times - March 31st, 2021
- NFTs are leading to a new financial dystopia. Here's why you should care. - America Magazine - March 31st, 2021
- The Victorian Utopia Hidden In The Middle Of Tennessee - TravelAwaits - March 31st, 2021
- Why I am a communist: Activist Kobad Ghandy on ideology and Utopia - Scroll.in - March 31st, 2021
- 'Diana: The Musical' Will Premiere on Netflix This October - Decider - March 31st, 2021
- Shut out: Why the United Nations is no utopia - Stuff.co.nz - March 31st, 2021
- Greater Manchester town dubbed 'utopia' and named one of the best places to live in the country - Manchester Evening News - March 31st, 2021
- How things will have changed a century from now - www.ekathimerini.com - March 31st, 2021
- Jury out on link between new NRL rules and spate of injuries - The Guardian - March 31st, 2021
- Director Wayne Che Yip joins Amazon's The Lord of the Rings series - Televisual - March 31st, 2021
- Big Hits new ventures might just reshape the music industry worldwide and for the better - NME.com - March 31st, 2021
- Ryuho Okawa, World Teacher and Happy Science CEO, Publishes The True Eightfold Path: Guideposts for Self-Innovation - PR Web - March 31st, 2021
- 2nd international conference on Utopian and Sacred Architecture Studies - Winnipeg Free Press - March 31st, 2021
- Montreal filmmaker Peter Wintonick is the subject of a very personal new film - Cult MTL - March 26th, 2021
- Speaking of Religion | Nancy Thompson: The Journey Out of Slavery - Bennington Banner - March 26th, 2021
- The Long March Through the Corporations - Heritage.org - March 26th, 2021
- Graz Museum imagines the city in the future through a new exhibition - TheMayor.EU - March 26th, 2021
- Theater Review: Polis/Reset at the Volksbhne in Berlin - The New York Times - March 26th, 2021
- Green spaces aren't just for nature they boost our mental health too - New Scientist - March 26th, 2021
- 'Invincible' Is Packed With Pulpy, Visceral Thrills And Lots Of Pulpy Viscera - Capital Public Radio News - March 26th, 2021
- Talentopia Announces Merger of Impactian and Aims to Recruit Top Remote Technology and Legal Writers - Law.com - March 26th, 2021
- Two Cheshire towns named among the best places to live in the North West - The Chester Standard - March 26th, 2021
- Kaitlyn Greenidge: Song of Solomon is "WAP" of the Bible' - Los Angeles Times - March 25th, 2021
- Diplomacy at the dinner table The Harvard-Westlake Chronicle - The Harvard-Westlake Chronicle - March 25th, 2021
- Looking back at the lockdown - The New Indian Express - March 25th, 2021
- UVA and the History of Race: The Era of Massive Resistance - University of Virginia - March 25th, 2021