Is it Intelligent to Fully Automate, Taking Humans Out of the Equation?

April 04, 2017

At a recent conference, I heard a speaker say, “Medical diagnoses will be done completely without a human doctor in the future – computers will be able to diagnose patients faster, and more accurately than humans.” Having served in this industry since 1989, I have to be careful not to spit up my coffee when I hear such global statements. 

Let’s expand on the concept of medical doctors and automation. If a patient is able to accurately describe their symptoms and machines collect basic information such as blood pressure and temperature, initial diagnosis may be performed. This is not unlike triage in the world of incident response, where factual initial information can establish a working context of what may be malicious. But what happens if the patient is five years old and can’t describe anything very well other than “I don’t feel very good” or “my tummy hurts”? Inability to specify symptoms is just one of several interpretive challenges for automation in the world of medicine.

Another challenge is that of accuracy by the patient. Perhaps the patient is ‘wishy washy’ on their symptoms or non-specific (certain sicknesses, such as mono, can be hard to describe). Or worse, the patient could be attempting to manipulate the system because they wish to obtain a specific prescription medication. The ‘human-factor’ of this process cannot be easily managed by a computer (let alone a human) but necessarily involves higher level interpretive skills that are human (non-verbal, emotions, spiritual, etc.). Let’s not forget about the things that are not mentioned or offered up by a patient, which a real doctor may notice or discuss and an automated solution would likely fail to address. This just barely touches on some of the realities of how humans must be involved in the process.

The world of cyber threat intelligence involves a hybrid of automated and human-based development and actions. A botnet is a good example of this, where a worm component spreads automatically by design but is also remotely controlled by a human (the bot herder). As a result, it’s highly efficient and scalable but also involves the human element, which makes its actions or behaviors complicated to predict or respond to.

Machine-readable threat intelligence is clearly an emerging market to deal with information overload. Entry-level feeds and threat intelligence data can be derived from such affordable solutions, especially as it relates to opportunistic, global eCrime. Full automation can be used, for the most part, to deliver such information to organizations as they seek to enrich their intelligence solutions.  

Mature practices in medical and cyber threat intelligence industries require more robust solutions involving automation and humans for best performance. In the future, I can easily see fully automated triage solutions in quick care centers and hospitals, designed to free up critical resources, and process patients efficiently and consistently. I also see highly skilled humans performing more advanced jobs that require critical thinking and troubleshooting skills, and interpreting human behavior, emotions and actions. It is short-sighted to think we’ll ever fully rely upon just automation or just humans – it will never happen. If you doubt this, look up quotes about paper-free offices from the 1990s and walk through an office today.

Over time machine-readable threat intelligence will be integrated with other solutions in a multi-tiered fashion. Think endpoints, MSS, policy, and configuration with real-time actions. When we combine forces - machines and humans - we can do amazing things not possible without such teamwork. Since scalability is huge in this massive information age, it’s essential for any successful solution of the future.

By: Ken Dunham

Senior Director, Technical Cyber Threat Intelligence
