The Role of Security Assistants in Protecting Corporations and Individuals
By Srini Gurrapu, VP, Skyhigh Networks
Are Assistants New?
Assistants are not revolutionary; they are evolutionary. The way we interact with digital information has evolved, from browsers with search, to mobile applications that deliver rich experiences and gestures, to the current “conversational assistants” that incorporate intelligent automation.
At the same time, confusion between assistants and bots has become pervasive.
We are beginning to converge on a definition of an assistant with four key attributes. They react to their environment, meaning they consume and understand 360-degree domain intelligence, including human interactions. They are autonomous, meaning they can make independent decisions based on specific business outcomes with little or no human intervention. They are goal-oriented, working toward specific goals. Finally, they exhibit persistence, specifically the ability to learn and relearn to achieve desired outcomes.
On the other hand, creators of bots usually focus on a conversational interface to enable simple business process automation. Assistants are “intelligent”, usually with some deep learning capability through mining and contextualizing large and complex data sets, including human interactions. Successful assistants are built to achieve specific business outcomes.
How Do We Measure the Effectiveness of Assistants?
To understand their effectiveness, we can categorize assistants across two dimensions: modality of interaction and level of automation. Modality of interaction refers to natural human means of interaction versus visual or text-based interactions. The level of automation distinguishes between assistants with human oversight versus fully autonomous systems.
While the goal for all assistants is to fully automate all aspects of a previously human function, the sophistication of the user and the impact of a potential negative outcome determine the necessary modality and level of automation.
In general, consumer-centric home automation assistants can safely use natural interactions and full automation, while a security assistant responsible for certain remedial actions, such as blocking access to a critical business application, might require a human in the loop to verify the intelligence and approve an action.
Over time, as confidence in assistant intelligence grows, assistants will take over more actions without humans in the loop.
In addition, an assistant’s success is largely dependent on three attributes: large and unique data sets, rich context, and specific business outcomes.
Why Assistants in Security? – Complexity, Scale, and Resource Gaps Cannot Answer the Threat Landscape
By many measures, cyber security challenges have never been more severe, with data breaches and ransomware attacks becoming a common occurrence across corporations, government agencies, and individuals.
Ransomware statistics suggest that about 50 percent of organizations and 40 percent of users worldwide are affected. Ransomware payments exceeded $200 million in one quarter of 2016 alone.
Our current cyber security defenses fail to prevent these threats due to three main issues.
The complexity and scale of securing data have never been greater. In the world of mobile, cloud, IoT, and big data, the amount of security data to process has grown 10X every year. At the same time, the existing security landscape has grown organically in silos. There are roughly 800 security companies with solutions in over 30 categories such as endpoint, network, cloud, SIEM, and threat intelligence. It is very difficult to correlate context and orchestrate any security action tied to an overall business outcome.
There is a shortage of professionals with sufficient security IQ and skill sets. According to ESG, 46 percent of organizations struggle with a cyber security skills shortage. The complexity and scale of the security landscape require highly trained and sophisticated professionals to understand (by manually writing complex queries across many different products), prioritize, and enforce the right controls with “partial” success. For many others, security has become a question of “best-effort” with no clear expectation of achieving business outcomes.
The lack of security orchestration tools and well-defined playbooks is the final stumbling block. Most of the existing orchestration is limited to domain-specific outcomes such as endpoint, network, or cloud – and sometimes limited to a specific vendor. There is no standardization of incident response playbooks across the industry.
In summary, “complexity” is the biggest challenge for security to be effective. The solution is to make security simpler, limiting human intervention. Essentially, we have to “consumerize” security intelligence and controls for them to be effective. This consumerization will have to be done assuming "low security IQ" across SOC operators, end users, and CXOs, and still allow them to be successful in achieving their business outcomes.
This is where Artificial Intelligence, machine learning, and security assistants have a lot of opportunity – and are beginning to make great inroads. AI assistants in other domains already handle the most complex tasks in the background while making the human interaction as simple and natural as possible. The time is right for the “security assistants” to help security operators, business leaders, and end users overcome their disadvantages against cybercriminals.
Welcome to the World of Security Assistants
The world of security is about to be disrupted in a big way with new conversational models, security orchestration, and more publicly available playbooks. We also have a lot of work to do in standardizing security domain ontologies so that assistants can work across different domains and collaborate with each other. Ultimately, it’s all about “keeping security simple” so that everyone can understand it, use it, and measure its effectiveness against specific business outcomes. While the assistants are evolutionary, the impact on the security industry will be revolutionary.
Welcome to the world of security assistants!
Founded in 2011, Skyhigh Networks, a Campbell-based Cloud Access Security Broker, helps businesses safely adopt and manage their cloud services while meeting their security, compliance, and governance requirements.