Man Beats Machine: The Indispensability of Human-Generated Threat Intelligence

06/12/2021


In a world of advancing automation that brings countless benefits, human interaction remains a critical component of enterprise and public sector defense infrastructure – especially in the area of threat intelligence for IT security.

Keeping track of all the developments in IT security is difficult. Here, security professionals are directly confronted with several questions:

  • What threats (e.g. vulnerabilities in hardware and software) exist?
  • Which threats directly affect the IT infrastructure of my organization?
  • Which systems do I patch first?

Threat Intelligence (TI) helps answer these questions and so brings an organization one step closer to securing its own IT. The principle is simple: provide intelligence on IT threats, ideally tailored to the organization receiving it. IT security professionals and decision makers use the messages as recommended actions for patch management and general system hardening.

Threat Intelligence can be either "machine-generated" or "human-generated". As the names suggest, the messages are produced either by machines (e.g., an artificial intelligence) or by humans. A further distinction is made by recipient: TI can be human-readable, i.e., written to be understood by people, or machine-readable, i.e., designed to be processed by machines.

Whereas in machine-generated TI an algorithm scours the web for threat information, in human-generated TI a group of IT security experts works to identify, analyze and evaluate all threats posed by vulnerabilities and hackers, and makes appropriate recommendations for action.

The major advantages of humans over artificial intelligence are the interpretation of context and the ability to filter messages. The creators of the TI know the organization to be protected, know exactly which hardware and software products it uses, and are also aware of planned redesigns of its IT landscape. Human analysts can anticipate which trends (e.g., advancing cloudification) will affect an organization in a few months or in many years. This makes it possible to compile a situation report tailored to the organization receiving the TI. Relevance filtering also allows the patch process to be planned so that the most critical vulnerabilities on the most critical systems are closed first, averting potential threats.

Another argument for human-generated threat intelligence is the exchange that takes place between IT security experts when they discuss the situation reports. This promotes the development of new solutions, and learning from one another strengthens the knowledge base.

As creators of Threat Intelligence, we see this in our daily work. Complion produces the contents of the VOICE Cyber Security Competence Center in cooperation with the German association of IT users, VOICE e.V. We will regularly describe our impressions from this production of TI in this blog in the future.

For more information on the VOICE Cyber Security Competence Center, click here.

Author: Tobias Philipsen