
Forrester: Autonomous ‘set and forget security’ is “a pipe dream”

Leading analyst says the complexity of security will always outmatch automated systems, keeping human security a necessary expense

Security vendors' pursuits of an autonomous security operations centre (SOC) are fruitless, according to claims by a leading industry analyst.

According to Allie Mellen, senior analyst at Forrester, security vendors are all searching to build an all-in-one product that could entirely automate the many functions of a security team, but the idea would be almost impossible to implement because of technical and logistical limitations.


Mellen argued that although automation has been instrumental in areas such as back office functions, and is increasingly powerful for security applications, the complexity with which threat actors operate means a machine could never fully protect against their various techniques.

Threat actors are also highly unpredictable in their methods and anticipating the next move in any engagement would require a well-trained human mind, she said.

“In contrast, security tools must follow a set of rules - they are built with an intention in mind, whether it’s to detect threats on the endpoint or to find anomalies in otherwise consistent data,” said Mellen in a blog post.

Security oversight still demands escalation to human workers and always will, Mellen added, especially with complex environments in which automated systems could “go off the rails”.

“These constraints force a limitation on technology that cannot be overcome without the aid of humans. If an organisation uses endpoint detection and response, an attacker will find a way to bypass it or not target an endpoint. If an organisation collects all logs from every single asset into a security information and event management system, an attacker will find a vulnerable employee to leverage for covert access.”

Theoretical upsides to fully automated SOCs and security orchestration, automation, and response (SOAR) solutions include reducing the impact of cyber skills shortages on organisations and removing data protection weak points among employees, but human decision-making is still required for the best protection.

The retained need for human input is the key differentiator between SOAR and fully-autonomous solutions. Although companies such as Google Cloud and MITRE have taken steps to provide customers with pre-built threat-hunting queries for their environments, no one is selling an out-of-the-box, fully automated cure-all for security fears.

Tech giants including Microsoft continue to offer business security solutions that blend automation and expert insight. Providers that offer security as a service might yet fulfil the same role as automated security for smaller businesses, as this still has the end result of freeing employees from the burden of threat management.

Firms such as QuSecure even offer ‘quantum security as a service.’ In this sense, it could be argued that there is less of a need for a fully-automated SOC, with hybrid solutions working well.

A number of meaningful advances have been made in recent years using artificial intelligence (AI) and machine learning (ML) in security applications.

In 2022, AI cyber security software has continued to innovate and has seen the uptake of tools capable of identifying suspicious web traffic, such as NDR products.

Microsoft and Darktrace partnered on AI cloud security in 2021, while it was recently revealed that MI5 and the Alan Turing Institute have collaborated on AI since 2017 with the specific focus of using the technology for defence and security.

Additionally, a great deal of research and development is being done into the potential of deep learning as a countermeasure against threat actors, with the aim of predicting ransomware strategies or even combating AI-driven malware developed by leading-edge threat actors.
