The idea of a fully autonomous cybersecurity system could mean the end of burnout and stress among IT security professionals and a sizable decrease in successful attacks, but that idea is a “pipe dream,” says a Forrester analyst.
In a recent blog post, Allie Mellen, a senior analyst with Forrester, says many security vendors share a vision of delivering an autonomous security operations center (SOC), but that such an outcome is highly unlikely because of the need for human intervention, the limitations of automation, the complexities of an SOC and attackers' ability to outsmart machines.
According to Mellen, even in the “physical world,” we have yet to perfect security by machines.
“Estimates suggest that there are more than 20 million private security workers globally,” Mellen writes. “Why so many people? Because machines cannot observe, interpret, and react to the infinite variations of human decisions quickly, completely, and accurately in the physical world … or the digital.”
Further, the expectations that many have of automation do not match reality, Mellen says: manual process automation is limited by the need for humans in basic processes, automation is not designed for complex systems that require resilience, and the scope of applicability is limited as each step is added to an automation chain.
In addition, human attackers will always outsmart machines, Mellen writes. Hackers do not follow rules and simply identify gaps in security technologies or within the tech itself. Security tools, however, must follow a set of rules.
“These constraints force a limitation on technology that cannot be overcome without the aid of humans,” Mellen says. “If an organization uses endpoint detection and response, an attacker will find a way to bypass it or not target an endpoint. If an organization collects all logs from every single asset into a security information and event management system, an attacker will find a vulnerable employee to leverage for covert access.”
Essentially, technology will always be limited by the purpose it was designed for and lacks the creativity that human attackers use to carry out their attacks.
An autonomous SOC will not be able to operate beyond the constraints humans define and will always be susceptible to attack and pose another risk to the organization.
“The autonomous SOC will never be a reality because technology is simply not capable of human ingenuity,” Mellen writes.