Topics: Cybersecurity, Technology

August 22, 2018

How Automation is Disrupting (and Accelerating) InfoSec

Automation is changing the shape of just about every job in every major industry. For knowledge workers—that is, workers who process or make use of information for their work—the wave of automation sweeping the global economy is creating new opportunities to apply their creativity and think more strategically about their organizations and their roles. Though the concept of automation tends to evoke fear, the fact is that automation is making humans—and knowledge workers in particular—more relevant than ever.

The field of information technology (IT) security, or InfoSec, is no exception. Automation is altering the face of both criminal activity—as those attacking IT infrastructures take advantage of automation—and our defenses. Today’s corporate security personnel are looking to apply automation to help detect and respond to existing threats more quickly, while freeing up resources from previously manual tasks so they can apply human intuition and smarts to hunt down the very latest cyber-threats.

Automating security operations and processes is no longer a “nice-to-have”—it’s a “need-to-have.” Boards must understand the basics of InfoSec and its automation to make informed decisions on their organization’s IT security. Here’s what you need to know.

The benefits of automation

Automation is having such a significant impact on InfoSec, as well as everywhere else, because of its major benefits:

  • Greater efficiency for processes: Automation performs routine tasks more rapidly and at greater scale than human workers can execute alone, saving valuable person-hours.
  • Better-quality products and services: Whether helping to create software, make cars, or provide services to customers, automation reduces errors, reliably repeating results without the types of mistakes humans often introduce.
  • Better-performing workers: While automation may perform rote tasks more efficiently and reliably than humans, people excel at creative work—and they can focus on it when freed by automation. The result is more engaged workers who have more interesting work to do.
  • Faster innovation: Without routine tasks on their plate, workers can spend more time generating the new ideas essential to innovation, then execute them.

How automation helps cyber-attackers

Automation provides plenty of benefits to legitimate businesses, but these also apply to criminal activity—particularly in the increasingly lucrative area of hacking for profit and political gain. Some of the specific ways cyber-attackers use automation include:

  • Speeding up the process of identifying vulnerable systems: Automated systems can relentlessly ping networks and individual devices day and night to search for
  • Penetrating vulnerable systems: Once identified, vulnerable systems are then open to automated attacks to give hackers entry.
  • Performing initial reconnaissance once inside a system: Much of the work of determining the extent of the information available for exploitation can also fall to automation.
  • Creating botnets: Software can automatically and stealthily add a computer to a network of compromised systems churning out more attacks, stealing data, and more.

How automation helps defenders

Fortunately, automation can also greatly aid our cyber-defenders. Key to automation here is the concept of orchestration.

Orchestration is a way to connect different tools to integrate security and IT systems that might not otherwise share information. With its streamlined connecting layer, orchestration might even be thought of as the engine that makes security automation go, since no single security solution is likely to provide adequate defense against every foreseeable type of threat.

Given the sheer number of threats and attacks today and the myriad tools available for detecting and responding to them, orchestration has become an important capability for IT and security organizations of just about any size.

Especially when enhanced by orchestration, security automation helps defenders:

  • Keep up with the deluge of attacks from automated systems by identifying those attacks more quickly and reliably than humans can by themselves.
  • Build automated processes that unite people, processes, and technology across security, IT, and development teams, resulting in shared visibility and analytics to strengthen (and hasten) defense.
  • Perform strategic analysis of attacks, leaving otherwise tedious and time-consuming pattern-finding chores to automation.
  • Respond to attacks more quickly by reducing or eliminating false alerts, letting defenders focus on what truly needs their attention.
  • Free up time to innovate—that is, the work of anticipating new types of threats coming over the horizon and strategizing about how to harden their systems against them.

Automated systems can now even perform routine analysis chores such as examining suspicious emails for signs of phishing attacks, as well as execute routine remediation chores such as hunting down emails determined to pose a threat to inboxes throughout a network.

The future of automation 

Automation is having a snowball effect, taking over more and more routine tasks and increasingly freeing up humans to do what they do best. As a recent McKinsey & Company report notes, people and automation will continue to work closely together for the foreseeable future, creating new opportunities for both in the process.

For InfoSec, this means automation will become ever more capable, even as attackers grow in sophistication. Automation will increasingly help human defenders more effectively manage the work of detecting their own vulnerabilities, analyzing and responding to breaches, and plugging security holes. And while automation won’t replace human analysis—at least anytime soon—it has already become a necessity for successful defense. Its capabilities will only grow more essential as time goes on.

Is your company leveraging automation in your security programs today? If you don’t know, be sure to ask your InfoSec leader at your next board meeting.

 
