Senior Director, Technical Cyber Threat Intelligence
Ken Dunham brings more than 27 years of business, technical and leadership experience in cyber security, incident response and cyber threat intelligence to his position as senior director of technical cyber threat intelligence for Optiv. In this role, he is responsible for the strategy and technical leadership to mature Optiv’s data integration and innovation of intelligence-based security solutions.
Is it Intelligent to Fully Automate, Taking Humans Out of the Equation?
At a recent conference, I heard a speaker say, “Medical diagnoses will be done completely without a human doctor in the future – computers will be able to diagnose patients faster, and more accurately than humans.” Having served in this industry since 1989, I have to be careful not to spit up my coffee when I hear such global statements.
Let’s expand on the concept of medical doctors and automation. If a patient is able to accurately describe their symptoms and machines collect basic information such as blood pressure and temperature, initial diagnosis may be performed. This is not unlike triage in the world of incident response, where factual initial information can establish a working context of what may be malicious. But what happens if the patient is five years old and can’t describe anything very well other than “I don’t feel very good” or “my tummy hurts”? Inability to specify symptoms is just one of several interpretive challenges for automation in the world of medicine.
Another challenge is that of accuracy by the patient. Perhaps the patient is ‘wishy washy’ on their symptoms or non-specific (certain sicknesses, such as mono, can be hard to describe). Or worse, the patient could be attempting to manipulate the system because they wish to obtain a specific prescription medication. The ‘human-factor’ of this process cannot be easily managed by a computer (let alone a human) but necessarily involves higher level interpretive skills that are human (non-verbal, emotions, spiritual, etc.). Let’s not forget about the things that are not mentioned or offered up by a patient, which a real doctor may notice or discuss and an automated solution would likely fail to address. This just barely touches on some of the realities of how humans must be involved in the process.
The world of cyber threat intelligence involves a hybrid of automated and human-based development and actions. A botnet is a good example of this, where a worm component spreads automatically by design but is also remotely controlled by a human (the bot herder). As a result, it’s highly efficient and scalable but also involves the human element making prediction of actions or behaviors that are complicated to predict or respond too.
Machine-readable threat intelligence is clearly an emerging market to deal with information overload. Entry-level feeds and threat intelligence data can be derived from such affordable solutions, especially as it relates to opportunistic, global eCrime. Full automation can be used, for the most part, to deliver such information to organizations as they seek to enrich their intelligence solutions.
Mature practices in medical and cyber threat intelligence industries require more robust solutions involving automation and humans for best performance. In the future, I can easily see fully automated triage solutions in quick care centers and hospitals, designed to free up critical resources, and process patients efficiently and consistently. I also see highly skilled humans performing more advanced jobs that require critical thinking and troubleshooting skills, and interpreting human behavior, emotions and actions. It is short sighted to think we’ll ever fully rely upon just automation or just humans – it will never happen. If you doubt this look up quotes about paper free offices from the 1990s and walk through an office today.
Over time machine-readable threat intelligence will be integrated with other solutions in a multi-tiered fashion. Think endpoints, MSS, policy, and configuration with real-time actions. When we combine forces - machines and humans - we can do amazing things not possible without such teamwork. Since scalability is huge in this massive information age, it’s essential for any successful solution of the future.