Five basic rules from Lesley Carhart:

  • Computers are good at detecting computer-automated stuff, and should be used for this as much as possible.
  • Computers are not great at detecting novel human-driven stuff, and they never will be. Particularly abuse of authorized tools and access.
  • Adversary goals to intrude into networks will never change.
  • Adversaries will always invest in both AI tools and large human work forces.
  • Keeping both these rules in mind, we will always need human defenders to keep up with novel human techniques, and to improve our automation-detecting and task-automating tools.
Tony Meyer @tonyandrewmeyer