Five basic rules from Lesley Carhart:
- Computers are good at detecting computer-automated stuff, and should be used for this as much as possible.
- Computers are not great at detecting novel human-driven stuff, and they never will be. Particularly abuse of authorized tools and access.
- Adversary goals to intrude into networks will never change.
- Adversaries will always invest in both AI tools and large human work forces.
- Keeping both these rules in mind, we will always need human defenders to keep up with novel human techniques, and to improve our automation-detecting and task-automating tools.