Automation in Infosec
The future of security is speed and persuasiveness. Whoever completes the OODA loop (or its additive factors, if you like) first has an incredible advantage. In information security, that means automation and machine learning making contextual decisions faster than humans ever could. It will be defense's algorithms against offense's. The second part, persuasiveness, is probably more interesting. Machine learning is output generated from input. In essence, humans are a much less predictable version of the same. As such, any actor or algorithm, offensive or defensive, that can figure out what input to the opposing side produces the outcome it wants, and provide that input before losing, will win. Because it needs to happen at speed, it is also likely to be algorithmic. We already train adversarial models to do this.

Infosec 1%'ers
The need for speed and persuasiveness driving automation and artificial intelligence in information security is its own blog post. I touch on it here because, in reality, it only describes the infosec 1%'ers. While a Google or Microsoft may be able to guard their interests with robust automation and machine learning, the local app developer, law office, or grocery store will not.

Which brings us to the recent malware. It should be a wake-up call to all information security professionals. It utilizes no new knowledge, but it provides a data point in the trend of automation. While the top 1%, or even top 50%, of defenders might not be affected, the publicly known level of automation in infosec attacks is easily ahead of a large portion of the internet, and it appears to be growing faster than defensive automation, helped along by adherence to engineering practices for system management. Imagine malware automating the analysis process in BloodHound. Imagine an attack graph that knows how to turn emails, credentials and vulnerabilities into attacks and malware, and malware and attacks back into emails and credentials, built into a piece of malware, causing it to spread unhindered as it creeps across the trust relationships that connect everyone on the planet. This could easily be implemented as a plugin for a tool such as Armitage.
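To make the attack-graph idea concrete, here is an added example (not code from the original post, and not BloodHound's or Armitage's own code) of the core analysis such a plugin would automate. The graph is a constructed, hypothetical environment; the edge labels (PhishedCredential, AdminTo, HasSession, MemberOf) are modeled after BloodHound-style relationships but the nodes and relationships are invented for illustration. The same breadth-first search that finds the attacker's shortest path from a phished credential to Domain Admins also finds, for the defender, the edges whose removal alone severs every such path, which is the defensive side of the same algorithm the post describes.

```python
from collections import defaultdict, deque

# Constructed sample data (hypothetical environment, not a real one).
# Each edge is (source, target, relationship): the relationship lets whoever
# controls `source` reach `target`. Edge names mimic BloodHound's vocabulary.
EDGES = [
    ("attacker", "alice", "PhishedCredential"),   # initial foothold via phish
    ("alice", "WS01", "AdminTo"),                 # alice is local admin on WS01
    ("WS01", "bob", "HasSession"),                # bob is logged on to WS01
    ("bob", "HelpdeskAdmins", "MemberOf"),
    ("HelpdeskAdmins", "SRV01", "AdminTo"),
    ("SRV01", "svc_backup", "HasSession"),        # service account session on SRV01
    ("svc_backup", "DomainAdmins", "MemberOf"),
    ("alice", "SRV02", "AdminTo"),                # second branch from the same foothold
    ("SRV02", "carol", "HasSession"),
    ("carol", "Finance", "MemberOf"),
    ("carol", "SRV01", "AdminTo"),                # carol also reaches SRV01: two routes converge
]


def build_graph(edges):
    """Adjacency list: node -> [(neighbor, relationship), ...]."""
    graph = defaultdict(list)
    for src, dst, label in edges:
        graph[src].append((dst, label))
    return graph


def shortest_path(graph, start, goal):
    """Breadth-first search for the fewest-hop path from start to goal.

    Returns a list of (src, relationship, dst) steps, [] if start == goal,
    or None when goal is unreachable. Unweighted BFS is exactly the
    "shortest path to Domain Admins" question BloodHound-style tools answer.
    """
    if start == goal:
        return []
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt, label in graph.get(node, ()):
            if nxt in parent:
                continue
            parent[nxt] = (node, label)
            if nxt == goal:
                steps, cur = [], nxt
                while parent[cur] is not None:
                    prev, lbl = parent[cur]
                    steps.append((prev, lbl, cur))
                    cur = prev
                return list(reversed(steps))
            queue.append(nxt)
    return None


def reachable(graph, start, goal):
    return shortest_path(graph, start, goal) is not None


def choke_points(edges, start, goal):
    """Defensive counterpart: edges whose removal alone makes goal unreachable.

    Brute force is fine for graphs this size; it re-runs BFS once per edge.
    Edges that are not on every path (the two converging branches here) are
    not returned, because cutting one of them leaves the other route open.
    """
    cuts = []
    for edge in edges:
        remaining = [e for e in edges if e != edge]
        if not reachable(build_graph(remaining), start, goal):
            cuts.append(edge)
    return cuts


if __name__ == "__main__":
    g = build_graph(EDGES)
    for src, rel, dst in shortest_path(g, "attacker", "DomainAdmins"):
        print(f"{src} -[{rel}]-> {dst}")
    print("single edges that break every path:")
    for edge in choke_points(EDGES, "attacker", "DomainAdmins"):
        print("  ", edge)
```

Running the module prints the six-hop route through SRV02 and carol (shorter than the WS01/bob/HelpdeskAdmins branch), and reports only three choke points: the phish itself, the svc_backup session on SRV01, and svc_backup's Domain Admins membership. The two converging branches from alice are not individually worth cutting, which is the kind of prioritization a defender needs when the attacker's side of the graph is being walked by software.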
The haves and the have-nots in automation of infosec cast light on the disparity between tech's elite and the uninitiated. Just as many grapple with this divide, there are those silently seeking help with my dissertation, bridging knowledge gaps one page at a time.