People + Machines: Why Threat & Risk Analysis Will Never Be The Same

In the threat and risk intelligence space, there are numerous offerings and they each provide an array of capabilities. Many offer some level of real-time or near-real-time data feeds. A few are even using AI and ML to try to provide insights or foresight to help analysts make decisions and recommendations.  

While these functionalities are indeed very helpful, they can only take security, operations or risk leaders so far. What’s missing in most cases is the human analysis. Human experts are able to review the data being generated and then provide historical context and expertise, which can really improve the predictive accuracy of the information provided – empowering security operations professionals to not just react to data being served, but preemptively plan based on the insights the human analysts are providing. Because no matter how advanced or innovative our computers and the software that powers them are, the human brain offers benefits that machines simply can’t.  

Creating a cyclical process where people and technology work together – teaching each other and pushing each other to become smarter, faster, better – is the next evolution in the threat and risk intelligence space  

This is the concept behind augmented analytics. While augmented analytics is not a new concept, it is now evolved enough to be useful to the security operations space, delivering answers and needs to security teams and changing the way organizations make decisions around the risk and threat of their strategic investments, how they behave when it comes to the safety of their people, or the approach they take to navigating supply chain disruptions. 

Augmented analytics is so effective because there are real-life people involved – on-the-ground experts who have a deep and long-term historical understanding of the locations being analyzed. These people live and breathe complicated, complex environments and are truly knowledgeable on the ins and outs of the businesses, people, and culture they are analyzing.  

For example, if the augmented analytics solution is providing a business with intelligence on Mozambique, the client can feel more confident in the assessment knowing there are analysts who are living in that country. That they understand the nuances of the culture there. They understand the politics and the deep-seated beliefs based on the history of that region, and know what is significant and what is not – outside of what headlines might lead you to believe. The value of these on-the-ground analysts is they can see a news story buried on page A20 of the local newspaper and know this will have a more significant long-term impact than the story that claims the “above the fold” real estate. A machine or person without true local insight might overlook this information.  

They aren’t simply monitoring it from afar. They are listening, observing, and living in that country.  

What’s powerful about augmented analytics is that these local analysts are not only informing the analyst/user of the solution, but they’re also “educating” the algorithms via machine learning (ML) technology. The result being that the ML is always improving and producing over time increasingly accurate, intelligent, and useful threat and risk predictions. It’s an unending, cyclical process of the people and machines working together and honing each other’s skillsets. 

How? The on-the-ground analysts tell the data science team what details, sources and specifics the technology is missing so the ML can be trained to identify this information moving forward. And the machines return the favor by serving up details that quite possibly the experts aren’t aware of. The technology ensures our people don’t get caught up in subjective analysis or develop a bias toward an analytical process. The result? Smarter analysts who then create more intelligent machines.  

Effective threat and risk intelligence must be an ever-evolving, ever-refining process. 

The world is always changing. The types of news and social sources are always changing. And so it’s in a continual stage of product evolution. The goal can’t and shouldn’t be to create one amazing product. It is to enable people and technology to evolve faster than the risk or threat can – helping security managers protect their people, their facilities, their assets, their supply chains, and their reputations. 

It’s not enough for our machines to predict. And it’s not enough for human experts to analyze the intel the machines deliver. It’s time for more. 

For the second year in a row in 2022, SIA’s annual Security Megatrends report found that artificial intelligence (AI – mostly in the form of ML) was the predominant trend shaping the security industry, as companies have embraced the technology’s promise through advanced audio analytics, complex facial recognition, cutting-edge video surveillance scene processing and robotics and drones. 

That being said, while organizations actively leverage AI and ML at increased frequencies, it must be remembered that machines alone are not enough. Humans are needed to help interpret the information; after all, machines struggle to or sometimes mis-interpret sarcasm or tone.  

Additionally, the analysis provided by a machine is only as good as the data it has access to. Relying only on computer data analysis in areas where open sources are less plentiful or more censored will result in an incomplete/distorted picture. Alternatively, when there’s a lot of data or information, without clear parameters, computers can struggle to identify the right or most important data. As a result, the output can be devoid of insights and an analyst left with “noise”. The conclusion being – humans and machines are the right, and the best, partners. Alone they both have many challenges and limitations, but together their strengths are magnified and their flaws are diminished. Machines are the ultimate human counterparts. By harnessing their capabilities, it frees up considerable amounts of time your people were previously spending as they manually processed and analyzed data. It’s time to let the machines do the grunt work – they’ll do it faster, and often better than people could ever do. This gives humans the unprecedented opportunity to hone in on data and problems that might have been overlooked in the past. And to cull out insights that help security teams predict and plan instead of react and mitigate.  

Is your organization combining the power of people and machines? If not, why? It’s time to reimagine the decision-making loop.  

Sign up for our Newsletter!

Our website uses cookies. By agreeing, you accept the use of cookies in accordance with our cookie policy.  Continued use of our website automatically accepts our terms.

Subscribe to receive insights from Seerist.