An autonomous security operations center (SOC) or autonomous security team of robots is not realistic for the cybersecurity field. But automation and machine learning are critical to the future of risk management.
Allie Mellen of Forrester warned of relying too heavily on automation tactics during an SC Media eSummit on managing extended detection and response.
“We are in a human-to-human fight, and we can’t have machines do a better job than us right now,” Mellen said.
But with so much data for small security teams to sift through, automation and machine learning are needed to help IT teams react and respond faster.
Automation in XDR is about making recommendations to the analyst, which requires the context around telemetry sources, Mellen said. That tactic can and should be used for response and remediation, she continued, but automation can also help analysts focus on the most critical efforts by removing some of the more manual tasks.
“I think automation is really important because of how much data we have coming in, because of how much we need to understand, because of how quickly we need to make decisions; and we're just unable to do that right now,” Mellen said.