Forrester: Autonomous ‘set and forget security’ is “a pipe dream”
Leading analyst says the complexity of security will always outmatch automated systems, keeping human security staff a necessary expense
Security vendors' pursuits of an autonomous security operations centre (SOC) are fruitless, according to claims by a leading industry analyst.
According to Allie Mellen, senior analyst at Forrester, security vendors are all trying to build an all-in-one product that could entirely automate the many functions of a security team, but the idea would be almost impossible to implement because of technical and logistical limitations.
Mellen argued that although automation has been instrumental in areas such as back-office functions, and is increasingly powerful for security applications, the complexity with which threat actors operate means a machine could never fully protect against their various techniques.
Threat actors are also highly unpredictable in their methods and anticipating the next move in any engagement would require a well-trained human mind, she said.
“In contrast, security tools must follow a set of rules - they are built with an intention in mind, whether it’s to detect threats on the endpoint or to find anomalies in otherwise consistent data,” said Mellen in a blog post.
Security oversight still demands escalation to human workers and always will, Mellen added, especially in complex environments in which automated systems could “go off the rails”.
“These constraints force a limitation on technology that cannot be overcome without the aid of humans. If an organisation uses endpoint detection and response, an attacker will find a way to bypass it or not target an endpoint. If an organisation collects all logs from every single asset into a security information and event management system, an attacker will find a vulnerable employee to leverage for covert access.”
Theoretical upsides to fully automated SOCs and security orchestration, automation, and response (SOAR) solutions include the reduced impact of cyber skills shortages on organisations and fewer data protection weak points among employees, but human decision-making is still required for the best protection.
The retained need for human input is the key differentiator between SOAR and fully autonomous solutions. Although companies such as Google Cloud and MITRE have taken steps to provide customers with pre-built threat-hunting queries for their environments, no one is selling an out-of-the-box, fully automated cure-all for security fears.
Tech giants including Microsoft continue to offer business security solutions that blend automation and expert insight. Providers that offer security as a service might yet fulfil the same role as automated security for smaller businesses, since this still frees employees from the burden of threat management.
Firms such as QuSecure even offer ‘quantum security as a service.’ In this sense, it could be argued that there is less of a need for a fully-automated SOC, with hybrid solutions working well.
Microsoft and Darktrace partnered on AI cloud security in 2021, while it was recently revealed that MI5 and the Alan Turing Institute have collaborated on AI since 2017 with the specific focus of using the technology for defence and security.
Additionally, a great deal of research and development is going into deep learning as a countermeasure to threat actors, with the potential to predict ransomware strategies or even to counter AI-driven malware developed by leading-edge threat actors.