Intelligent CIO Europe Issue 20 | Page 33

EDITOR’S QUESTION

Sam Curry, Chief Security Officer at Cybereason

Finding vulnerabilities in hardware or software is expensive to correct the later they are found. Further, they are much riskier once they get into production and out in the world at scale than when caught in a development cycle or on the drawing board.

Vulnerabilities come from many sources, from the avoidable errors in design or coding by engineers to the much more difficult to predict configuration or complex vulnerabilities of the IT structures we put out into the world. Early strategies, as with most things, are human based, trying to train people to code better or assigning people, but as with most processes, we begin to automate their detection, seeking to find them earlier and more completely.

Ultimately, the best way to find vulnerabilities in software or hardware will be to use incredibly advanced, adaptive machine intelligence. However, there is still enormous value to human involvement in the processes of vulnerability discovery, triage and remediation and not leaving this to the machines to fix.

The first critical concept to understand is chaos systems, of which there are two types. First-order chaos systems are ones that behave the same regardless of what victims do. The weather is a good example. Hurricanes don’t change their behaviour based on how humans take shelter. Second-order chaos systems actually adapt and respond to human behaviour. Crime in a city is a good example of this, changing where and how crime occurs based on police presence and coverage.

Unlike every other service level risk in IT, security is a second-order chaos system. This means that raw automation or machine-like execution is predictable to attackers, who will naturally seek to find vulnerabilities in the places the automation doesn’t cover.
In a world of tit-for-tat, the vulnerability discovery and remediation team will always be playing catch up as it updates the machine discovery and automation processes.

Machines are good at repeatability and automation at scale, while humans are very bad at that sort of activity. Humans are the opposite, highly intuitive, adaptive and creative but prone to error when bored and repetitive.

While the ultimate AI-driven machine intelligence may lie in the far future, augmenting humans with machines is achievable today. The most pragmatic and effective system would see humans watching, responding and predicting configuration and vulnerability exposures and then rapidly equipping a machine-driven, repeatable, scalable process. Further, progressively more intelligent Machine Learning can offer clues and reduce the workload on humans, freeing them for more rewarding and more valuable work.