The partnership between humans and machines is at the very core of modern technology. It can provide us valuable insights into how we can shape products, machines, and software to best integrate and function efficiently with human behavior, capabilities, and limitations in the mix. It also provides an opportunity for us to build future-ready cybersecurity solutions while taking the human element into consideration.
Human in the Loop
Time and again, we have heard security experts expound on the threat from “human error” in cybersecurity. The very mention of human behavior often comes with a negative connotation in the context of security operations. On the other hand, we tend to look at machine capabilities and automation as the ultimate answer to most of the present-day security issues that we face. However, the relationship between humans and machines is quite complex. Each of the two brings something of value to the table and neither should be looked at with disdain or fear. We need to broaden our horizons by understanding the crucial role that humans play in our systems and mold our machines to adapt to it.
Many of the tools and solutions used in security operations today are built to utilize machine-to-machine communication, but there is a lack of solutions built to leverage the human-to-human and human-to-machine aspects of security processes. As an example, consider security platforms that provide automated playbooks for incident response. Such solutions are likely to perform well in a majority of the incidents that follow conventional security patterns. Yet when it comes to unconventional scenarios, organizations need to rely on human intelligence that is shaped from experiences on the cyber battlefront, along with a touch of creativity and judgment in the moment. Thus, organizations require an automation-powered threat response without losing human judgment and intellect in the process.
The present generation of security solutions comes with a focus on automating things and removing dependency on human skills. Coupled with the challenges posed by the shortage of human skills, organizations are left with no option but to automate as much as they can. However, everyday security incidents and data breaches bear testimony to the fact that removing or reducing the role of the human element from security processes is not a viable option. What organizations need is the carefully calibrated fusion of human and machine capabilities, and that is exactly what cyber fusion offers.
Cyber Fusion: The Best of Both Worlds
Every day, humans operate on the battlefront of the threat landscape, whether it is through the research on new threats, analysis of evolving attack methods, or in a defensive role to protect organizations from malicious actors. This means that security practitioners play a role as important as any of the myriad machine-based security solutions deployed by organizations. And it becomes necessary to find the synergy between humans and machine-based solutions.
Cyber fusion works by integrating the people, process, and technology elements of a security strategy. It builds a security workflow that orchestrates human resources with the processes and technologies in use. As an example, consider threat intel operations which involve both human-based and machine-based information sources as well as points of consumption. A lot of the technical and tactical intelligence is machine-generated and also consumed by machine-based solutions to detect intrusions or block malicious entities. On the other hand, strategic intel is often generated by experienced analysts and consumed by senior personnel within the organization. Meanwhile, operational threat intel involves a combination of humans and machine-based solutions on both ends. Thus, there is a need for the complete gamut of orchestration capabilities between humans and machine-based solutions which can be conceptualized as human-to-machine-to-human orchestration for fostering intel-driven operations.
This kind of intelligent synthesis of human and machine capabilities can be further understood through its three constituent parts:
- Machine-to-Machine Orchestration - This involves the interaction between disparate security tools so as to aggregate, enrich, and disseminate threat alerts from diverse machine-based sources. With advanced technologies like cyber fusion platforms, the collated threat data can then be used to generate the most relevant alerts or detailed analysis to help skilled analysts take further actions to mitigate the top threats. It can also enable the creation of automated security processes to speed up routine tasks or accelerate the response times for various threats.
- Human-to-Machine Orchestration - This creates a feedback loop from the humans to the machine-based security solutions. It allows security professionals within an organization to leverage human-based sources of threat information and convert it into a machine-readable format for use in the deployed security tools and processes.
- Human-to-Human Orchestration - This is aimed at bridging the gaps between existing security teams that play a role in the organization’s cyber defense strategy. Different security functions such as Incident Response, Threat Intel, Vulnerability Management, etc. often operate within organizational silos that hinder the interactions between them. However, cyber fusion platforms empower the human element by bringing disparate security teams under a single roof. With this, organizations can leverage the combined human intellect to enable a quicker and more effective response to a variety of threats. It also enables the exchange of human-enabled threat intelligence and fosters collaboration across teams to help address bottlenecks in security processes or address loopholes in their strategy.
Building Upon the Human Element
Establishing advanced orchestration capabilities also lays the groundwork for further optimization of security operations workflows. By leveraging the human element in security operations, cyber fusion platforms allow security teams to develop unique capabilities such as:
- Bi-directional Intel Sharing - Using this, organizations can create a threat information sharing network within their own organization or with other trusted organizations. This enables the two-way exchange of timely and relevant threat intel to accelerate threat detection and response for known threats and to rapidly counter emerging threats.
- Role-based Alerting - This involves delivering threat alerts based on the recipient’s role, location, and business unit. This can help improve relevance, eliminate noise, and enable the recipients to take necessary actions according to their role. For example, senior management would need strategic threat intel insights to improve their security strategy, whereas security analysts would need tactical insights on the tactics, techniques, and procedures (TTPs) used by threat actors to come up with the apt defensive measures.
- Human-enabled Remote Actioning - To overcome the physical limitations of security teams, organizations can take advantage of mobile-based communication and advanced orchestration capabilities. This not only allows security teams to reduce response times and effectively manage time-critical scenarios but also creates quick pathways for looping in human judgment skills during emergency situations.
- Enhanced Collaboration & Integrated Governance - To lead security operations, one requires an in-depth understanding of the threat environment and existing cyber risks to align the organization’s security strategy accordingly. Moreover, security leaders need visibility across various security functions to make informed decisions. By utilizing the special capabilities provided by a cyber fusion platform, such as a centralized intel view, customized incident cost and SLA metrics, and an end-to-end automated threat intelligence management workflow, CISOs and senior management can more effectively govern their security teams.
Thus, organizations can increase the overall performance of their security teams by using smart security technologies and solutions that work hand-in-hand with the humans in the loop while providing unique advantages from machine capabilities.
Cyber Fusion: A Panacea for the 21st Century Security Woes
As we continue to increase our reliance on technology, the relationship between humans and machines has become a focal point of conversation. In this evolving landscape, organizations need to balance their security priorities while considering both the human and the machine element. A cyber fusion platform offers a carefully crafted amalgamation of the two and provides the right path forward for building a strong and scalable cybersecurity posture.
Posted on: February 19, 2020