The cybersecurity industry has found itself caught in a paradox. On one hand, there's a clear shortage of skilled security professionals—a talent and skills gap that has grown wider in recent years. On the other hand, the rapid advancement of technology has given rise to sophisticated AI and automation capabilities, leading many to believe that machines can fill this void.
While many vendors tout the capabilities of AI and machine learning, it also raises a fundamental question: can AI truly replace the intuition and contextual understanding that human experts bring to the table?
In this blog post, we'll explore the ongoing battle between human intelligence and artificial intelligence, emphasizing why human-powered cybersecurity remains indispensable in the fight against evolving cyber threats.
The Cyber Talent Drought
We’re dealing with a critical shortage of cybersecurity talent. Organizations of all sizes are locked in fierce competition to find security experts who can fortify their defenses. Yet the demand for these experts far outweighs the supply. There isn't enough cyber talent to go around, which is leading to unfilled positions and mounting vulnerabilities. In fact, it’s estimated that there will be 3.5 million unfilled cybersecurity jobs globally in 2023, according to Cybersecurity Ventures.
The Rise of AI and Automation
In response to this critical issue, AI and automation have quickly ascended as potential “saviors.” These technologies excel at processing vast amounts of data and detecting known patterns of malicious activity. However, they fall short when it comes to understanding the nuances of evolving threats and adapting to unique situations.
Threat actors know how to sneak their way around automation-reliant defenses. We’ve seen this time and time again with obfuscated malware, defense evasion, and other evasion techniques.
AI and automation are not a silver bullet in security—nor should they be promised as one. Sure, they are a useful and effective layer of defense. But that’s just it; they’re just one layer that should be added underneath other layers of security products and human expertise.
The Human Element in Cybersecurity
We’ve established that AI and machine learning have their place in security, but what happens when the automated solution fails? What happens when they miss something or get outplayed?
That’s where the human element comes in.
Human experts often have a unique blend of qualities that technology alone cannot replicate. This shows up in ways like:
- Contextual Understanding: Human experts can evaluate situations and consider the subtleties and motivations behind cyber threats, which AI can’t really “learn” on its own.
- Intuitive Decision-Making: It’s hard to beat human intuition, and it’s something that’s honed through real experience and training.
- Adaptability: Human traits like creativity and adaptability are much more effective at countering unknown or unexpected threats, ones that don’t have pre-defined behaviors or signatures that automated tools latch on to.
In a world where technology usually reigns supreme, we believe that human expertise should be at the forefront of cyber defense—and that’s always something we have and always will shout from the rooftops at Huntress.
An Example: EDR + Expertise
To illustrate the value of humans blended with technology, let’s look at endpoint detection and response (EDR) as an example.
While many EDR solutions (even our own) are equipped with powerful automated detection capabilities, they often encounter threats that are designed to circumvent these detectors. That’s why having that layer of human expertise is critical—both in managing EDR tools and providing essential context for threats and alerts.
EDR is inherently noisy; there are thousands of actions occurring on a single endpoint each minute that can be used to generate an alert. Some of this is high-fidelity information that we know is “known bad,” but a large portion is contextual data that needs to be pieced together to see the broader picture. The trick is knowing what to collect and process and when to rely on raw people power.
That’s how we do it at Huntress. We combine our EDR technology with the management and insight of our dedicated SOC (security operations center) team. This human-tech partnership allows us to efficiently handle alerts, reduce noise and false positives, and ensure that every potential threat is thoroughly assessed within its broader context.
Closing Thoughts
To get back to our fundamental question: can AI replace what human experts bring to the table? The answer is surely no. But it shouldn’t be ruled out completely—we actually can have both.
AI and automation enhance our ability to identify and respond to threats, yet they are most useful when coupled with the insights of human experts. Talented humans can (and should) always have a place in security and threat detection. But it’s the combination of human intelligence and technology that’s the key to staying one step ahead of today’s cyber threats.
If you’d like to learn more about how Huntress pairs technology with human intelligence, check out these resources:
- White Paper: The True Value of People-Powered Cybersecurity
- Webinar: The Power of People: Inside Huntress EDR + 24/7 SOC
