Gartner: Sculpting Change – Decision Intelligence
Written By: Austin Miller
“Oh, here we go”, I hear the SecPro community sigh, “here come the business-oriented buzzwords.” Decision intelligence is the process of improving our approach to decision-making using tools such as artificial intelligence (AI) and machine learning (ML). As you can tell, this isn’t anything new – it’s actually what the vast majority of businesses (especially large organizations!) are already doing.
Gartner’s inclusion of decision intelligence in the twelve emerging technologies is because this is a field that is on the brink of a breakthrough. Decision making – fast decision making – is key to the corporate culture of eternal growth and the survival of the slickest in the world of business will mean making better decisions than your competitors faster. So, how will that work and what can we expect to see?
What is decision intelligence?
As previously mentioned, decision intelligence is the combination of existing technologies to find the statistically best solution to a problem faster. This involves taking AI, big data, and analytics to create an automated system that supports, augments, and carries out decisions that are beneficial to the organization.
Product-centric businesses are the best example of industries that make the most of decision intelligence. Let’s say there is a company that produces widget a which is in direct competition with two other companies that produce similar widgets b, c. Not only can decision intelligence take customer feedback and sales metrics to modify the design and distribution processes, but competitor analysis also becomes a necessary strategic tool in the war for market presence.
Of course, that doesn’t sound very cybersecurity centric. How on earth can these intelligent approaches to marketing really inform the work-life of an IT team that is anxiously searching for the next adversarial threat?
How will decision intelligence improve cybersecurity?
As I noted at the start, there’s a great deal of suspicion in the world of cybersecurity about supposed “decision intelligence”. Is it any different to existing AI implementations? Is it really going to revolutionize security? Or is this just a convenient tool for marketers and product designers?
Fair questions, I say. However, let’s look back at what decision intelligence is for a second:
[Decision intelligence is] a practical domain framing a wide range of decision-making techniques bringing multiple traditional and advanced disciplines together to design, model, align, execute, monitor and tune decision models and processes. Those disciplines include decision management (including advanced nondeterministic techniques such as agent-based systems) and decision support as well as techniques such as descriptive, diagnostics and predictive analytics.
When we contextualize the need to automate, orchestrate, and – in effect – “smooth out” the decision-making process, we can already see decision intelligence is built into our security systems. Careful analysis of security-oriented services such as the CVE list as well as threat intelligence gathering are fundamental parts of the security workflow – so how will these concepts be improved by better approaches to data collection and utilization?
For example, security orchestration, automation, and response (SOAR) platforms are collections of programs that act as an automated defensive backbone for an IT team. Central to the SOAR approach is threat data collection and automatic responses to potential threats. If those responses are automatic and the system learns how to filter out false positives, the cybersecurity team has a massive leg-up on the emerging adversary!
Similarly, extended detection and response (XDR) is based on acquiring threat data and sharing any information about potential threats across the defensive posture. This is done to reduce the silo problem that security teams face – tools and workers are isolated from one another and cannot form a united bloc against the adversarial threat that is facing their organization. A more intelligent approach to data collection and handling allows security teams to create a better defensive posture.
SOAR and XDR platforms are only two examples of security platforms that use elements of decision intelligence in their approach. As we move forward and develop both security programs and decision intelligence philosophies, the role of the cybersecurity professional may be reduced to maintaining the existing software and intervening when the human brain still outsmarts AI-ML.
How can I implement decision intelligence?
As you can see, there are numerous platform types that already facilitate the adoption of a decision intelligence philosophy. Your role as a cybersecurity professional is to improve your security posture until tools like SOARs and XDRs are just as efficient and effective as the equivalent intelligent tools used by product managers, marketers, and other public-facing services. Is it possible? Of course! We’re already doing half of the stuff that decision intelligence demands – it is now just a long march towards improving to the point that the adversary is caught in a trap whenever they try to attack a system.
