Taking Time to Build Confidence in Automated Security

Taking Time to Build Confidence in Automated Security

By Michael Xie, Founder, President, & CTO at Fortinet

The confidence needed to rely on automated technologies that are responsible for our safety and well-being is something that people need to come to terms with, and sooner rather than later. Consider the feeling of getting into a self-driving car – when will you feel comfortable enough to activate its self-driving mode for the first time?

That same tipping point of confidence is required in other situations where automation is available, most notably in the cybersecurity profession. Artificial intelligence (AI) and automated security offerings have grown in both commonality and necessity, and convincing CISOs and their teams to trust in these technologies have become the equivalent of pulling your hands off the wheel, taking your eyes off the road, and trusting the machine to keep you safe.

A Sense of Caution With an Automated Security System

There’s nothing more anxiety-inducing for IT security professionals than taking the plunge into trusting automated technologies. The sense of caution that permeates the industry is real, but it’s not necessarily a bad thing. Instead, it is critical to the process of ensuring that automation capabilities are both reliable and successful. Careless disregard of potential risks is just as dangerous as being overly cautious. Automation requires serious levels of confidence to provide an organization with its maximum benefits. And the development of that confidence requires a careful and consistent process. Building this confidence is a multi-step process, the first of which is understanding what goes into building the artificial neural networks (ANNs) that power automation.

An ANN is a system of hardware or software designed to mimic the way neurons work in the brain, collecting, processing, and correlating data. Due to the complexity of their nature, however, they cannot be created at the drop of a hat. It’s a truly massive undertaking – one that requires the input of millions of data points over several years, and that necessitates supervised, unsupervised, and reinforcement learning. This result is an ANN that can identify the countless number of security events that can happen in a single day and respond to them quickly and correctly.

What does this mean for confidence-building? Ultimately, any ANN that hasn’t gone through this meticulous, intensive development is simply not fit for use. In other words, it should not be trusted. The only way to unlock reliable automation is to have a reliable ANN that has been properly trained running the show.

Building an Effective Automated Security System

A properly configured ANN goes a long way towards creating confidence, but it should not be considered the end of the story. Security information and event management (SIEM) and security orchestration, automation, and response (SOAR) systems also play a critical role in the development of an automated security system. The role of a SIEM role is that of threat detection, much like a guard dog that alerts its owner when anything suspicious is happening. Without proper training, this can result in a lot of false positives. In scenarios where multiple SIEMs are in place, this is where SOAR comes in.

The job of a SOAR system is to investigate SIEM alerts and separate the wheat from the chaff. This helps prevent the live security team from being alerted every time an event occurs, like a dog barking whenever the postal carrier delivers the mail, and instead only flags truly suspicious security behavior. SOAR also simplifies workflows by automating incident tracking, offering security teams the ability to focus exclusively on security event response. Both SIEM and SOAR are required for an automated security system to function in a way that encourages confidence.

Finding the Balance in an Automated Security System

It takes a deft hand not just to build strong automation capabilities but to also build confidence in those capabilities. The need to find a balance between fear and overconfidence is crucial, and speaks to a general approach to AI that bears mentioning: AI isn’t about replacing human tasks indiscriminately, nor is it about automating everything. Instead, it’s about identifying and responding to incidents that humans can’t address due to issues related to speed and scale.

AI leveraged in this manner is meant to free up time for security experts to make complex decisions based on their judgment and insight, augmented by data provided by automated systems, without bogging them down with minutiae. This is why building confidence in AI security measures is critical to improving overall organizational security. The best approach is to use well-constructed ANN and a good balance of SIEM and SOAR. This makes security automation closer to cruise-control than self-driving. In other words, humans are still in charge, and the technology is merely aiding them. And eventually, once you develop confidence in the technology, you’ll feel comfortable taking your hands off the wheel completely.