Automation is now a primary driving force in the cybersecurity space, and is leading the industry to a future where it could be "robot versus robot" in launching and defending network attacks, says Ed Amoroso, the former head of security at AT&T, who is now running his own security consultancy and information business, TAG Cyber.

The combination of automation and machine learning sets up a scenario where the defense might actually catch up, Amoroso says, if it can automate as effectively as many of those on offense already have.

Amoroso and the TAG Cyber LLC team are this week issuing their third annual series of reports on the state of cybersecurity, updating the three volumes of research TAG Cyber makes available for free download here. They cover updates to the 50 key controls chief security officers need to track, interviews with key individuals in the cybersecurity space and a list of all the current cyber security vendors. (See New Security Mantra: Explode-Offload-Reload and New Security Mantra: Explode-Offload-Reload.)

In an interview, Amoroso shares his thoughts on key themes that have developed in the past year -- automation being first -- and also explains why this year's volumes feature shorter articles and more visuals.

Based on feedback from his global audience, the former AT&T executive admits he's had to accept that visuals -- on paper and in video -- may be more powerful learning tools than lots of words. To that end, the newer volumes are shorter and broken into 50 segments, each with a graphic, that can be more easily consumed by anyone with interest in cybersecurity -- not just experts. TAG Cyber also is adding a video channel to its resources very soon that will feature about 100 video interviews.

Figure 1: One of many visual elements in TAG Cyber's latest reports, this one looks at trends in firewalls. (Source: TAG Cyber)

"I hate to admit this, but I think people are probably at the point where they consume better from visuals and video than they do from technical documents," Amoroso says. "I'm not sure that's a good thing, but my goal is to help, so it does me no good to write big long-form books, 400-page books, if people are not going to go through all of that."

The three themes
The three themes Amoroso calls out are actually pretty familiar ones, but his viewpoint on each is interesting. Automation, analytics and cloud are well-documented trends across the telecom space, including cybersecurity.

Where automation is concerned, he sees the need to deal with speed and scale in responding to increasingly automated attacks as a priority for cybersecurity vendors and says companies that succeed in this space must embrace automation.

"It's about work flow and data handling and decision-making and it's about integration with other components," Amoroso says. By way of example, he points to distributed denial of service (DDoS) attack detection and mitigation systems which once required experts to hover and be available to push dials but now automatically detect anomalies and implement mitigation.

"When that lives in a world of software-defined networking, you can do SD-WAN provisioning based on DDoS detection," he explains. "It detects something is brewing, a botnet, and suddenly SD-WAN provisioning and capacity management and rerouting is all done automatically and the human beings sit and watch the flow change based on a botnet. That used to be me and my friends doing it with BGP commands."

How will service providers enable automated and efficient network operations to support NFV & SDN? Find the answers at Light Reading's Software-Defined Operations & the Autonomous Network event in London, November 7-8. Take advantage of this opportunity to learn from and network with industry experts – communications service providers get in free!

Taken to its eventual extreme, he adds, "this is going to be robot versus robot -- we are going to see who can build better cybersecurity automation -- the offense will push a button on their automation and the defense will push a button on their automation and we'll sit back and have at it. It's a bizarre way of thinking about the future."

Analytics gets real
Analytics has been bandied about as a marketing term for some time, based on simple correlation, Amoroso says, but machine learning has elevated analytics to something much more important and useful.

Using massive compute power running parallel distributed algorithms, cybersecurity systems based on machine learning are far more capable of finding the many different variants of malware based on the millions of examples of similar behavior they have processed, he notes.

"This is really powerful for the defense because put yourself on the offensive side, what does this do to your ability to hide malware? It changes the game significantly," Amoroso says. "That is a really powerful concept and something I think is an exciting development. I'm at the point now where I'm almost ready to say we are bending the defense curve down. Defense is accelerating, and offense is in a linear growth. It's not unreasonable to expect that at some point the defense actually catches up."

The cloud gets secured
The third trend is the most obvious, in Amoroso's mind, because cloud has become pervasive -- no one is on the sidelines on this one any longer. Even large enterprises, who once assumed they could do things better than the big cloud players are conceding that Amazon Web Services and Microsoft Azure have more powerful ways of protecting data than individual companies.

That doesn't mean running willy-nilly into the cloud with little regard for where data lives or how it is managed or recovered is a wise choice, either, but Amoroso has a pretty blunt answer for companies that do anything that haphazardly.

"If you are terrible at IT then you are terrible at IT whether you are perimeter or cloud," he comments. "If you are bad at making those determinations [about how to protect data and applications] then you are better off doing it in the cloud. From my perspective, this is the year that most people get it. Even if it's not perfect, even if any really good expert could point to Amazon or Microsoft or Google and list things they wish they would do better, I'd still bet it's much better than small or mid-size or even large companies are doing."

Ultimately, economics are driving businesses back to a centralized approach to computing, network and security and that's a good thing for the overall economy, Amoroso posits. After a decade or so in which companies operated their own data centers and their own networks, and tried to secure both, things have changed.

"The pendulum swings back to centralized," he says. "Think of how much money everyone saves. If I was an economist, I could do the math and say the positive impact on the entire economy for cloud computing, if it is done right, is massive. Because companies can get into business quicker, get to what they do faster, and are much more productive doing it."

— Carol Wilson, Editor-at-Large, Light Reading