Content

Evolve security automation like the human brain: Part 1

As our businesses become more digital, there are certain patterns we can borrow from our own evolution to better model and improve our approach to security and efficiency. There’s only so much that the security professionals can do on their own as businesses grow more complex. To maintain a strong security posture, you need to strike the right balance between automated security processes and human ingenuity.

In all complex systems there is an element responsible for sense-making and execution – for humans that is the brain. Let us for a minute draw parallels to how the brain works and interacts with the rest of its parts. We can examine these patterns and principals when deciding how to apply automation effectively and responsibly to help your business become more efficient and secure.

The Brain and the Body

Scientists have shown that the human brain has grown in complexity and size largely due to environmental factors over millions of years. While our digital businesses haven’t had the same amount of time to develop, we can look analogously at information technology having its own version of sensory organs, a nervous system, memory, and yes, even a brain-like function.  

Our brains take in observations and with the proper orientation and understanding, drive decisions and actions, some of which can be automated. Much like how I don’t have to think about breathing as I write this sentence, since it’s part of a well-managed set of motor skills that human evolution has automated. What qualities does a process require to be a candidate for this autonomous function? The answer to this question will serve us well as we decide what is safe to automate and what is not.

The Lizard, Dog, and Primate

I’m going to talk about the brain in a functional manner. For this example, let’s categorize the brain into a slight variation of the Triune Model’s three key functional parts: the lizard, the dog, and the primate. While each of these sections provide vital functions and processes on their own, it’s only when they work in tandem that they create a high-functioning and efficient brain.

The lizard section of the brain handles autonomic bodily functions like heartbeat and respiration. Being the highly automated section, it is also responsible for behaviors like rigidity, obsessiveness, and compulsiveness.

The dog portion wraps itself like a girdle around the reptilian section – girdle in Latin is “limbus” which is why it is called the limbic system. It is in charge of “feelings” which act like a form of currency for what we should remember and an economy for our decision-making processes.

The newest section of the brain is the primate section. Its abilities include the development of language, reasoning, and the ability to learn from mistakes. Perhaps most important is the ability to interact with the dog and lizard brain sections to make any necessary changes to improve performance and to take charge when appropriate.

The Modern Business as a Brain

This modular architectural pattern parallels the functional requirements necessary for our digital businesses to be efficient and secure. Artificial intelligence (AI) and machine learning are similar to the lizard portion of our brain example, providing your business with automated, but rigid security measures. People like those in your SOC or other key security roles are like the dog portion, working alongside the automated processes to ensure effective and well-informed security decisions. Finally, business leaders are like the primate section, processing the actions of the other two sections and using what they learn to improve overall performance. We seek the same functional goals which are:

  • Automate actions which are frequent, require the least latency, and are deterministic in their outcome
  • Ensure the brain is supplied with necessary and sufficient observations so models faithfully represent the external environment
  • Develop shared currency between sub-systems so the system has a way to distinguish what is an alert that needs to be acted upon and what is noise
  • Model the external environment so we can make more informed decisions and identify outcomes independent of execution

Just like how the sections in our model come together to create a complete, functional, and efficient engine to help drive the human body, effective automation requires a proper understanding of the roles that AI and various human elements must play in our digital businesses. Be sure to join me in part two of this blog next time as I take a deeper look at the functional role AI and machine learning play. I’ll also discuss best practices for how machine learning and AI should be used to help your business create a more secure and well-automated ecosystem.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.