Cyber Security Operations with Humans and Machines

Organizations today are finding ways and means to use both humans and machines in cyber security operations. You will have noticed that most cyber security product vendors in the market use terms such as ‘Artificial Intelligence’, ‘Machine Learning’, ‘Behavioral Analytics’, ‘Automated Workflow’, etc. Likewise, system integrators and managed security service providers have explored possible use cases for a ‘machine-first service delivery model’.

Companies typically leverage machines in their cyber security operations to improve one or more of the following:

  • Cost of IT Security
  • Speed of IT Security
  • Quality of IT Security

Technology alone is not the solution to cyber security challenges; it is only part of the solution. Enterprises need to analyze their data and prioritize their budgets before introducing machines to deliver security operational tasks. Businesses today often use the term ‘Human + Machine – Security Service Delivery Model’ when renewing the service contracts with the vendors that run their security operations.

A machine-first security delivery model requires a clear understanding of automation use cases and well-documented incident response playbooks. The expected security operational business outcomes are:

  • Reduce effort spent on manual tasks, thereby improving the productivity of security staff
  • Optimize processes that span security and IT, enabling better hand-offs and improving accountability for service delivery
  • Correctly prioritize threats based on business impact; reduce the time to respond to and remediate threats
  • Reduce the time to accurately detect critical threats

Below are the key use cases that an organization should explore for a Human + Machine based service delivery model:

  1. Vulnerability incident response workflow automation
  2. Security incident response workflow automation
  3. Firewall policy change management workflow automation
  4. Secure retrieval of credentials for the execution of business processes
  5. Automatic lockout of inactive user accounts
  6. Detection of infrastructure misconfigurations with an automated remediation workflow