Recently, I spoke with Courtney Hughes about the mutually beneficial relationship between machine learning and human intelligence. In the episode, Courtney and I discussed how companies in the security industry too often rely on automation and machine learning to catch threat actors at work. In doing so, they misunderstand one critical factor: cybercrime is perpetuated by a human using technology, social engineering, and other methods to attack their victims. And so, cybersecurity does not address a straightforward technology-only problem.
CIOs and CISOs today face a human adversary with a lucrative business model that is empowered by shared tools such as ransomware. Just recently, we saw adversaries infiltrate an innocent victim to leverage what is typically perceived as a safe and routine technology action – a software upgrade – for nefarious purposes. These threat actors have no scruples about using their tools against the most vulnerable targets...the schools teaching our children, hospitals treating pandemic patients, pharmaceutical companies developing and delivering the vaccine, and so many more.
Controls are only as strong as your end-user is vigilant, as there is always a human on the other side that will work to evade or weave between even the best-intentioned controls. Security experts must be ready to quickly detect and remediate threat actors that evade those controls. This requires the ability to understand how disparate events and alerts fit together into a holistic picture of malicious activity.
To truly beat the adversary at scale, the security community must leverage the relationship between machine learning and human intelligence. Both machines and humans bring different skills and capabilities to the table, and at Secureworks®, we are focused on creating the optimal balance between the two with an integrated platform and flexible security services that create a holistic approach to security for our customers.
Since we first began building our cloud-native security platform, Taegis™, we have relied on our more than 20 years of experience and leadership in Managed Security to inform the development of products like our Taegis XDR application. By applying our knowledge of how threat actors operate, we designed Taegis XDR to collect and store telemetry in a manner that allows us to apply threat analytics across a wide variety of customer-defined data sources. We also have threat researchers embedded directly within our engineering and software development teams to ensure that deep security expertise intentionally informs new platform capabilities.
We are constantly learning and adding to our knowledge base. As our threat researchers identify new techniques, tactics, procedures, and strategies for detecting the behavior of a threat actor, they work with our engineering teams to evolve our platform for the changing technology infrastructure of our customers, like improving how we detect threats within cloud environments as more customers shift to public cloud providers.
Threat actors are getting more creative every day, and they’re also leveraging software and data science techniques to refine and scale their attacks. However far technology advances, there will always be a need for human security expertise to provide insight and intelligence that enables you to find and protect against those threat actors and beat them at their own game.
To continue the dialogue on how data science and human insight intersect for maximum efficiency, view this on-demand webinar presented by our COO Kevin Hanes.