August 22, 2018
August 22, 2018
Automation is changing the shape of just about every job in every major industry. For knowledge workers—that is, workers who process or make use of information for their work—the wave of automation sweeping the global economy is creating new opportunities to apply their creativity and think more strategically about their organizations and their roles. Though the concept of automation tends to evoke fear, the fact is that automation is making humans—and knowledge workers in particular—more relevant than ever.
The field of information technology (IT) security, or InfoSec, is no exception. Automation is altering the face of both criminal activity—as those attacking IT infrastructures take advantage of automation—and our defenses. Today’s corporate security personnel are looking to apply automation to help detect and respond to existing threats more quickly, while freeing up resources from previously manual tasks so they can apply human intuition and smarts to hunt down the very latest cyber-threats.
Automating security operations and processes is no longer a “nice-to-have”—it’s a “need-to-have.” Boards must understand the basics of InfoSec and its automation to make informed decisions on their organization’s IT security. Here’s what you need to know.
The benefits of automation
Automation is having such a significant impact on InfoSec, as well as everywhere else, because of its major benefits:
How automation helps cyber-attackers
Automation provides plenty of benefits to legitimate businesses, but these also apply to criminal activity—particularly in the increasingly lucrative area of hacking for profit and political gain. Some of the specific ways cyber-attackers use automation include:
How automation helps defenders
Fortunately, automation can also greatly aid our cyber-defenders. Key to automation here is the concept of orchestration.
Orchestration is a way to connect different tools to integrate security and IT systems that might not otherwise share information. With its streamlined connecting layer, orchestration might even be thought of as the engine that makes security automation go, since no single security solution is likely to provide adequate defense against every foreseeable type of threat.
Given the sheer number of threats and attacks today and the myriad tools available for detecting and responding to them, orchestration has become an important capability for IT and security organizations of just about any size.
Especially when enhanced by orchestration, security automation helps defenders:
Automated systems can now even perform routine analysis chores such as examining suspicious emails for signs of phishing attacks, as well as execute routine remediation chores such as hunting down emails determined to pose a threat to inboxes throughout a network.
The future of automation
Automation is having a snowball effect, taking over more and more routine tasks and increasingly freeing up humans to do what they do best. As a recent McKinsey & Company report notes, people and automation will continue to work closely together for the foreseeable future, creating new opportunities for both in the process.
For InfoSec, this means automation will become evermore capable, even as attackers grow in sophistication. Automation will increasingly help human defenders more effectively manage the work of detecting their own vulnerabilities, analyzing and responding to breaches, and plugging security holes. And while automation won’t replace human analysis—at least anytime soon—it has already become a necessity for successful defense. Its capabilities will only grow more essential as time goes on.
Is your company leveraging automation in your security programs today? If you don’t know, be sure to ask your InfoSec leader at your next board meeting.