The importance of automation is not being overestimated, but the capacity of machine learning (ML) and other forms of artificial intelligence (AI) applications to achieve trustworthiness in automation is. To succeed with AI for automated cyber security, we need to let go of the unrealistic goal of trustworthiness. Use it, but don’t trust it.
The volume of data which could indicate an attack or be lost as a result of an attack requires a level of surveillance that is beyond what a team of human cyber security experts could achieve. The very definition of threat and anomaly detection (TAD) is a recipe for automation: finding outliers in a dataset, a repetitive task to identify patterns.