Technology driven or being driven by technology, the difference
I have come across my fair share of companies that call themselves technology driven, but a few of them mistake being technology driven for blindly trusting technology.
Let me start with this: the saying ‘one size fits all’ is a sure sign that the person claiming it needs to spend some time in day-to-day practice. Buckle up, dear reader, because there is no such thing. Your company or department is different from all the other companies across the globe. Even if you are in the same industry or in the same market, a unique selling proposition always results in a demand for an adjusted approach to technology.
What technology driven is not
Companies that call themselves technology driven have a tendency to equip themselves with the latest and greatest software or hardware. A general belief has been established that purchasing the buzzword winners of the year, this “one size approach”, will help them improve their security/cyber/machine learning/AI/virtual reality/cryptography game right away.
But being technology driven doesn’t mean that buying and setting up a piece of software will do everything just right at all times. Buying the most expensive EDR doesn’t mean that the resulting data is meaningful. The same goes for all fields: even the latest and greatest machine learning is unlikely to produce any sound result without the data you train it with.
There will always be a need to reduce false positives and noise from the system. The tool can’t know that, but you do. Taking the necessary steps to tune it makes you truly technology driven and not driven by technology.
What technology driven is
It’s okay to rely on technology; everybody does, as technology itself gets more and more reliable. In general you may trust technology to do what it was designed for. A firewall will help you segregate your networks, block traffic from or to certain IP addresses and much more. A SIEM will contribute to intelligence and event management, and a SOAR will make your response processes repeatable; no doubt about that.
All of these are great technologies you can rely on to do the job you want them to do. Technology is able to adapt to your individual answer if you invest the time to define your needs and expectations first. You can drive this technology by answering this simply asked but never easily answered question: what do you actually want?
A simple example of this is a fitness tracker. You can buy it and it will display your activity level during the day. But is the step count really accurate? Your step distance is different if you are 1.60 m (5.3 feet) or 2.00 m (6.6 feet) tall. As a personal example, I climb 10 stairs once an hour to get a coffee, but they almost never show. The reason behind this is that the staircase is actually pretty low, so the tracker barely makes out the difference. The solution to this is simple but effective: adjust the step width to achieve better results.
Facial recognition is another nice example. Without good pictures of the people (and a ton of those) there will be no good result.
The last example is machine learning. If you try to teach a machine to detect phishing emails, training those algorithms on your data alone produces better results. The reasoning behind it lies in the naturally grown uniqueness of your company. Maybe the IT department uses something fancy in the email headers, or emails are bouncing back and forth between internal servers. Something that may look suspicious to an algorithm might be perfectly normal.
The bottom line is that manual effort is needed for every technology to work properly for you and your individual goals.
Side story time
Years ago, maybe seven years, I was invited to a customer who had just purchased a SIEM solution. At that time I was a Security Intelligence Analyst, so I got asked to come around to explain and guide a bit.
With the SIEM in place, they collected data from the firewall and after a day or two, they asked me a really simple question: “We see a lot of events about a blocked IP address, why does this happen?” And yes, their firewalls blocked a certain IP address and no, I have no idea why someone in their company decided to block this IP address.
For me this is a great example of the difference between driven by technology and technology driven. The naked truth was that the new tool didn’t do anything; the SIEM mainly made something visible that had always been there.
You may drive this technology, learn to use it to the fullest and improve your overall adoption. Adjust is the keyword: for better and smoother processes it is advisable to adapt the technology, keep it well tuned and integrate it into your environment.
“This machine has no brain, please use your own”
Cards on the table: are you being driven by technology or technology driven?