Automation is not always AI, but AI is an automated system. It’s easy to get the two terms confused because they both run off the same thing—data. However, the differences are far-reaching, and it’s important to know the differences between AI and Automation.
AI is beginning to take hold as a powerful tool for SecOps teams much like how automation already has been. But what exactly can AI provide that automation doesn’t already?
Cody Cornell, the CEO of Swimlane who is a leader in cyber security, joined the Defrag This podcast to give his insight on the differences between artificial intelligence and automation, and how AI is beginning to be used for information security.
Artificial Intelligence Vs. Automation
Cody was quick to point out that the differences between automation and artificial intelligence can be confusing at first, but the intent of the two ways we disseminate and use data is somewhat different.
"Typically, how we define artificial intelligence is the ability to take an object and make it act like a human," Cody explains. "I think the difference between automation and artificial intelligence is how you are making decisions at the moment on what you are going to do."
With AI or machine learning, automation intends to feed AI essentially. Artificial intelligence is essentially layered on top of automation to increase the power of the code, whether it be to halt advanced persistent threats, or really anything that can't be done with just automation. The point being that AI, and machine learning, work in a capacity that manipulates the data, something that automation can't do on its own.
In Cody's words, "Automation is an opportunity to define and model what should happen in particular states. And what you can do is layer artificial intelligence on top of that, or machine learning which is obviously a subset of AI. How do I manipulate the variables over time-based on the information that I'm seeing?"
AI and Machine Learning Are Now Helping SecOps Teams
So how exactly is artificial intelligence to help security operations (SecOps) teams? It turns out that AI and machine learning are the new frontier for information security, and it's being done with platforms, such as security orchestration, automation, and response, aka SOAR.
Security orchestration, automation and response (SOAR) is a platform that empowers organizations to manage, respond to and neutralize cyber threats with the adaptability, efficiency, and speed necessary to combat today’s rapidly evolving cyber threats.
Really what SOAR is trying to achieve is to help companies that don't always have the human resources available to keep an organization safe in real-time. The problem is that there isn't enough people or capital available to do incident response, security ops, and security engineering in real-time. There are many tasks involved, and the work can be extremely cumbersome. Ultimately, SOAR takes on those real-time security tasks and all the work associated with those initiatives, so that security teams can dedicate more of their time exploring the issues at hand and pivoting where needed.
"Our goal is to make sure that organizations have the bandwidth to look at all the things that are happening in their environment; take in all those alerts, alarms, tasks, notifications, whatever they are, and actually making sure those are being managed and triaged," says Cody.
Will AI Ever Replace Humans in SecOps?
The short answer is, “Absolutely not!” It turns out there is far too much that needs a human touch that AI couldn’t possibly do accurately. Cody also doesn’t think that will ever be the case either.
“I personally don’t think we will ever be able to take the human component out of security —either detection or response. To me, we are always dealing with people on the other side of this. Every campaign from an adversary perspective that’s launched, it’s launched by a person.”
It’s an important indication that Cody makes. The threat landscape is forever changing, and that’s because people, not robots, are launching these attacks. As long as there are people that can imagine outside the realm of what a AI has been taught, people will always be the last wall of defense.