The New Security Trifecta: People, Process, and AI?

BLUF (bottom line up front): For the best security outcomes, we need a distributed, truly pervasive, and AI-powered approach that embeds security everywhere. This means having security built into every software component, application, server, virtual machine, or container; enabled and supported on any network, across all cloud environments. To enact this, we need to change the way we optimize around time-tested “People, Process, Technology” (PPT) trifecta. The combination of highly skilled human decision-makers and Large Language Models (LLMs) interacting with AI-led cybersecurity tools creates a potent synergy that can streamline communications between and across systems, allowing humans to focus on their intrinsic strength, making the entire process of responding to potential threats and events orders of magnitude faster.

There’s a noticeable tension between the general desire to employ advanced tools and solutions and the challenges they present; among those challenges usability and a steep learning curve are often cited.

On one hand, it may appear that there’s a lack of focus or urgency with six times as many companies developing solutions for fintech vs. cybersecurity (though there might be some overlap here).

When asked why he robbed banks, Willie Sutton simply replied, “Because that’s where the money is.”

On the other hand, an overabundance of tools can also be a problem – with too many options, making the right choice becomes difficult. Additionally, a plethora of niche solutions increases complexity, while integrated platforms may sacrifice some advanced functionality for the overall ease of use.

IBM’s Cyber Resilient Organization Study 2021 cites that 30% of respondents said their organizations deploy more than 50 tools and technologies for security.

Akin to walking a tightrope this requires a delicate balancing act between having enough tools to address specific needs and having a manageable set that optimizes efficiency.

As part of leveraging generative AI capabilities to augment cybersecurity workflows, LLMs are increasingly used to enhance user interfaces (UIs) and human-to-computer interactions, making them more user-friendly and accelerating the learning curve.

For example, Security Information and Event Management (SIEM) systems can ingest signals and data feeds from various sources, then aggregate and analyze them; but realizing full benefits of those systems often requires advanced knowledge of query languages (e.g., Structured Query Language / SQL or Kusto Query Language / KQL), which limits their usability.

By imbuing the UI with Natural Language Processing (NLP) capabilities, LLMs can enable users to ask questions in plain language instead, LLMs can then use the prompt to construct and execute required queries, compile the outputs, and return the detailed response, thus improving adoption and time to value.

To complicate things further, the cybersecurity industry faces a critical gap, with a staggering 3.5 million unfilled jobs globally, including an estimated 750,000 in the United States. This immense need for talent clashes with the high barriers to entry for newcomers. Unfortunately, current efforts towards training and upskilling seem inadequate or insufficient to bridge it.

Defenders are drowning in a sea of threats and security signals, the sheer volume and complexity of which are pushing the boundaries of what’s manageable. To win in this relentless arms race, we need a change in basic assumptions. By incorporating highly sophisticated tools, like LLMs and AI-led hyper automation and orchestration, Enterprises can not only keep pace with the growing threat landscape but gain an edge.

This might also lead us towards a future with autonomous system segmentation and isolation, coupled with self-healing capabilities in both hardware and software.

In view of the abovementioned, the “People, Process, Technology” approach, with the traditionally heavy emphasis on the “People & Processes”, would need significant adjustments to accommodate for the rise of machine-to-machine communications and the exponential increase in process velocity that comes with that. We need to get people out of the loop where warranted and appropriate. The analysts need to focus on higher-level decision-making letting AI-led automation and orchestration tools run at machine speed.

This shift will require fostering interdisciplinary skillsets, where security professionals not only understand technical aspects, but also have a solid grasp of the organizational context (e.g., Governance, Risk Management, and Compliance) and possess strategic thinking and the ability to coordinate complex, multifaceted responses.

By adapting processes to this new landscape, we can leverage the power of both human expertise and advanced technologies to achieve a more robust and efficient security posture.

Computers excel at processing vast amounts of data, while humans possess intuition, imagination, and creativity. Humans can see the bigger picture by putting together business goals, organizational missions, and real-world situations to form a holistic view. This allows for informed judgments that go beyond just interpreting the data; as well as for strategic prioritization of tasks, and for identifying potential threats that might not be otherwise apparent.

“Don’t fear intelligent machines, work with them – environments as different as chess and medicine are showing us that the right approach is to let people exercise their intuition and creativity, supported and double-checked by their computer assistants as part of a well-designed process.” – Garry Kasparov (in one of his TED Talks)

In a future dominated by digital interactions, trust will become an even more valuable commodity; traditional methods of building trust (e.g., face-to-face meetings and handshakes) may become less common due to time and effort required (especially in view of hybrid work environment realities), but the effort invested in establishing trust could yield significant advantages.

The same applies to general cybersecurity awareness that should permeate organizations and should emphasize a set of practices for managing the most common and pervasive cybersecurity risks.

“People, when honestly informed and motivated, are perhaps the most effective resource that security-focused organizations will ever have against the world’s most nuanced and devastating security threats.” – Jason Meller (founder and CEO of Kolide)