The SOC organic


These days, you can’t swing a quantum cat without hitting a conversation about how recent artificial intelligence (AI) breakthroughs are changing our lives. Having grown up during the dawn of personal computing, the internet (*insert dialup modem sounds*), and cybersecurity, embracing new technology to find out what cool new things I can do is totally my jam. I’m right there along with you in the assess, adapt, and adopt queue with AI.

Innovations like ChatGPT are incredible. However, they’re primarily designed to solve a problem we didn’t have in The Olden Times©. Before the information superhighway, before copying and floppying, before we surfed the world wide web, we had—stay with me here—libraries. And so far, AI hasn’t managed to replicate what’s best about libraries.

You may be asking yourself, “What does this have to do with cybersecurity?” Read on to find out.

I absolutely adore libraries. The more books the better. Old books, new books, books written in other languages, reference, literature, fiction, everything, all of it.

But books, admittedly, have some significant limitations. They’re not immediately searchable and it’s not easy to consume the data at speed, for example. The information in a book that you want must be ingested, deciphered, and contextualized. Some books and some readers do that far better than others, but the results are inconsistent. In the past, reading fast and being able to comprehend everything as much as possible in a systematic way was the primary strategy for getting the information you needed (aka “research”).

Digital publishing and search engines fixed all that. They initially solved the problem quite well and we were all participants in this great experiment of connecting the world to information and placing it at our fingertips. At any given time I can search and receive the exact answer to a query like, “What is the airspeed velocity of an unladen swallow?” just by typing or speaking the question into the appropriate search engine. (It’s 31-40 mph, BTW.)

Then things changed. Search engines improved their capabilities and the dataset grew, but now we have a different challenge standing between us and the information we seek—namely, search engine marketing. One problem is that organic results, which are usually what you’re looking for, can be buried beneath advertising (many times the top organic result doesn’t even appear on the first screen). Also, as most of us know from frustrating experience, it can still be hard to find what you want—we can try every combination of search terms we can think of and still come up dry.

That’s where the new AI chatbots come into play (Microsoft recently launched its new ChatGPT-fueled Bing and Google’s Bard is on the way). Given the right prompt, they can help us cut through the noise to the information we really want. We all ultimately want clear answers, and AI does this pretty well. (Although the ads won’t go away, there should now be a cleaner signal:noise ratio.)

There are some things missing, though. Context for one. For example, AI knows your purchasing history and consumer profile, but it doesn’t necessarily know you or your hopes and dreams, as it were. It doesn’t have any lived experiences that mirror your own. These context-free large language models have never been a person before (as recent chat transcripts make clear). They won’t necessarily make connections to secondary factors relevant to your inquiry and they probably won’t have a useful knack for the tactical application of serendipity.

Libraries have always had a solution to that problem, though. Enter stage left, the amazing and borderline-omniscient Research Librarian! Ask any question of this highly trained, friendly neighborhood expert in just about everything, and you’ll shortly receive straight, relevant answers and additional recommendations, along with additional context. Their training and experience allow them to deliver these results in the way you find most useful.

I now submit to you, Dear Reader, my thesis: human civilization, in the development of AI, has been trying to reinvent something we pretty much always had, and still have today. Clear answers, delivered in a way that makes sense, with other valuable information attached and applied in a personalized context—I think along the way we simply became so distracted by shiny new objects that we forgot the important part. Information, like any tool, is only as good as your ability to use it, and how it’s delivered matters.

And now, we come to answering the question posed above.

Our team here at Expel keeps that end goal in mind. Our customers tell us they need max signal—specific information, relevant context, references, and suggestions for further reading, and they need the noise eliminated. To deliver on that, we believe managed detection and response (MDR) should be as organic as possible and it should seamlessly integrate the best available automation technologies with the experience and insight of analysts who’ve been there, done that, and understand what customers need. Tools should be designed and implemented with the ability to scale in mind and customers’ desired results should always be the foundation for everything a provider does.

This is the issue: what makes libraries awesome, and what AI is missing, is people. And we’re big fans of people. As customers shop around the security space, they always hear how there’s a better way. But too many have never been asked, only told. If security vendors pose questions and listen in good faith, prospects will tell them what that better way looks like.

So as we consider the role that AI plays in cybersecurity, remember that it’s a tool. It’s pretty darn interesting, and brings with it major potential. But unless something significant changes, it won’t deliver the outcomes that organizations need to keep their systems safe without a human touch and perspective.

One more thing. If it’s been a while since you’ve visited your local public library, now is a great time to go. The membership cards are a lot cooler now, there are terabytes and tebibytes of digital comic books you can download and read, and some branches even have 3D printers and CNC machines you can use.

While you’re there, chat with the research librarians and ask them about the services they provide. Maybe tell them, “Expel sent me.” They’ll initially have zero idea what you’re on about, of course, but if you send them this post it just might provide them additional…and relevant…context.
