Humans and Bots—a Dynamic Duo for Cybersecurity
Cyber attackers can be formidable villains: agile, quick, persistent—always looking for vulnerabilities in enterprises and exploring new possibilities in terms of attack vectors. If your company hopes to defeat them and protect your data, pocketbook, and reputation, consider a team effort of humans and bots.
Traditionally, cybersecurity has fallen to humans to handle. And that’s been challenging. Think about these numbers: 300,000 pieces of malware are created, 6.4 million fake emails are sent, and 30,000 websites are hacked. How often? Every day. In fact, a new attack occurs on the web every 39 seconds.
So, you’d think cybersecurity professionals would always be on top of what’s happening with attacks to protect their businesses. The trouble is there aren’t enough of them to go around. In the US alone, there are currently 314,000 unfilled cybersecurity positions.
Handling the flood of alerts
For companies lucky enough to employ such a professional, detecting and quickly remediating an attack can be made difficult by the company’s own monitoring systems. For example, some companies receive up to 150,000 security alerts daily, as I mentioned in a previous article. While the professional is reviewing the alerts, a major attack hidden in the crowd could slip by.
What is needed is a solution that accelerates and streamlines the manual alert review process to help quickly and accurately identify and remediate an attack. An intelligent automation software bot can help, automating the process to cut the usual 30 minutes required for investigating each incident down to seconds. But, at this time, bots have limits on what they can do. And that’s where the human part of the duo comes in.
What bots can accomplish
Intelligent bots, combining artificial intelligence (AI) and machine learning (ML), can be programmed to look for suspicious behavior patterns in network communications that could be signs of an intrusion. They can examine major attack vectors such as the #1 vector: emails. Algorithms that are part of the bots can analyze the choice of words and the grammar (or lack of grammar) in emails to help detect phishing attacks. They can be designed to monitor for installed malware or malicious commands and packets.
Intelligent bots can follow pre-defined criteria or be programmed to learn as they go. And they can adapt to evolving threat actor tactics. Such was the case with Microsoft’s software that helped to disrupt an attack on a major retailer.
How effective the bots are, including their ability to differentiate a false attack from a true attack and help stop attacks every time, continues to be debated. Back in 2015, Simon Crosby, CTO of security software vendor Bromium Inc., argued that “there is no silver bullet in security.” He went on to say that, when talking about machine learning of the time, “ML is good at finding similarities between things (such as spam emails), but it’s not so good at finding anomalies.”
What is still to come
Technology has evolved since then, with artificial intelligence enhancing what bots are capable of achieving. Yet, at this moment, even with an advanced self-learning design, a bot is not capable of free, independent thought. It works within its design parameters—no matter how those parameters continue to expand. And the instigators of attacks are still humans who rarely stick to design parameters and are capable of creating anomalies that can be challenging to analyze.
Intelligent automation bots can solve many challenges of cybersecurity—identifying more and more types of attacks faster and more accurately and saving hours and lots of effort. With cybersecurity professionals in short supply, the bots can allow staff to do more with less and free them for higher-value tasks such as developing strategies for a proactive defense. But they don’t take the place of the professionals. Despite all those benefits, human thinking is still needed to combat malicious human thinking. So, a combination of bot and human working together is needed to win the fight against the villains.
How do you make the most of the duo?
Numerous studies are underway. For example, one study that involves universities from around the world has the goal of managing, observing, and improving Human-Bot Cybersecurity Teams (HBCT) “in the presence of active adversaries that are also adapting to changing conditions.”
Since not all cybersecurity professionals understand what intelligent automation can do for them, an explanation of how bots work is the initial focus with participants. Researchers will also explore new automation techniques and how analysts process cybersecurity information to help move bot design toward automating the decision-making process.
In the meantime, intelligent automation providers have continued to enhance their technology to help with human and bot collaboration. For example, Automation Anywhere offers our digital assistant, AARI. It’s an easy-to-use, bot-to-human interface that simplifies everyday tasks and improves collaboration between teams—human as well as bot.
Cyberattacks continue. To protect your business, you need to put the duo to work. We’re here to help.