A growing number of computer security thinkers, including myself, think that in the very near future, most computer security will be machine versus machine--good bots versus bad bots, completely automated. We are almost there now.
Fortunately or unfortunately, I don’t think we’ll get to a purely automated defense for a long, long time.
Today’s security defenses
Much of our computer security defenses are already completely automated. Our operating systems are more securely configured out of the box, from firmware startup to the operating system running apps in secure hardware-enforced virtual boundaries, than ever before. If left alone in their default state, our operating systems will auto-update themselves to minimize any known vulnerabilities that have been addressed by the OS vendor.
Most operating systems come with rudimentary blacklists of “bad apps” and “bad digital certificates” that they will not run and always-on firewalls with a nice set of “deny-by-default” rules. Each OS either contains a built-in, self-updating, antimalware program or the users or administrators install one as one of the first administrative tasks they perform. When a new malware program is released, most antimalware programs get a signature update within 24 hours.
Most enterprises are running or subscribing to event log message management services (e.g., security information event monitoring, or SIEM), that aggregate security events, report on them, and maybe automatically implement corrective actions (i.e., “self-healing”). Each of these protective services gets better and more accurate over time.
Tomorrow’s security defenses
Operating system vendors are working to provide even more automated security in the near future. One of the most daunting tasks for any enterprise admin is to make sure all the computers and devices under their control are securely configured and stay that way over the long run. Most enterprises already have software programs that inventory and control system security configuration settings. What is changing is that OS vendors will let trusted third parties, which have a better and more up-to-date understanding of the current security climate, more easily configure everyone’s computer.
Gloss