Geoff Webb, senior manager, product marketing, NetIQ
Organizations continue to suffer catastrophic data breaches. While the primary solution has traditionally been to deploy ever more exotic and complex security technologies, the breaches continue to grow in frequency and scope. New security technologies generally place greater burden on the staff that oversee and use it.
The result? Valuable information becomes lost in a sea of meaningless noise. Policy that would otherwise reduce vulnerabilities goes unenforced. The failure is not the result of people, nor any given technology – rather it's a failure of process. Process automation offers the only solution to this self-reinforcing problem. Automating processes associated with information gathering, event analysis, identification and even remediation provide the best way to accelerate breach response by removing the manual workload placed on security teams. Armed with the right information, remediation paths are identified more rapidly. Process automation frees security teams and enables them to efficiently respond and more proactively protect information.
Dan Geer, CISO, In-Q-Tel
Let's start with some premises: Security is the absence of unmitigatable surprise. Risk is proportional to dependency. The best must never be the enemy of the good.
The consequence of this thinking is that security automation has its place, but only where it substitutes for repetitive drudgery and/or the tendency of human operators to nod off. Sentient offense means there is nothing to automate against – the risk mutates. Automated defense requires not mutation, but pattern recognition coupled to judgment – judgment that we would be wise to not fool ourselves into expecting of machines.
Automated defenses eventually become the portals of attack themselves, i.e., the rising tide of trojaned anti-virus. The true danger is not in unautomated portions of cyberspace, where danger is obvious, but rather in a procedurally correct security theater where the illusion of safety is bought with risk put out of sight and, thus, out of mind.
In sum, automation as decision support, yes; automation as decision-maker, no. Unwitting charlatans yearn otherwise.