Partner Perspectives  Connecting marketers to our tech communities.
12/14/2016
03:07 PM
Josh Thurston
Josh Thurston
Partner Perspectives
50%
50%

Its Time For Organizations To Automate Security

Security automation makes more efficient use of scarce security resources, freeing them up for more proactive tasks.

Dishwashers are a great invention; they use automation to do a repetitive, high-value task that does not require much skill. It is time to bring your security team out of the 1970s and stop making them wash the cybersecurity dishes by hand.

The addition of automation to washing dishes has several benefits, besides eliminating the boring task of dishwashing and creating dishpan hands. Dishwashers make more efficient use of time, water, and soap, and they dry dishes sanitarily without towels. They process and remove excess waste and reduce the incidence of broken plates and glasses caused by human error. And they reduce clutter and keep the counter and sink clear for more important items. Most of us wouldn't own a home without a dishwasher, and we certainly wouldn't run a restaurant or other food business without one.

Every cyberattack gets your systems dirty, and manually cleaning up after an infection or a breach takes a long time. Employees need to research the malware to find out how to properly clean it, then scour every system for traces of files, registry entries, and other malware artifacts. This is not only time consuming, but prone to human error and omission, leaving your organization open to reinfection. Here are some of the advantages of automating your organization’s security processes:

Security automation makes more efficient use of scarce resources, freeing them up for more proactive tasks. Existing threat defenses are already doing this, automatically and continuously watching for known attacks and blocking them before they get inside. Building on this, advanced threat defenses dynamically watch for anomalous behavior and act quickly to contain unknown threats from inflicting serious harm. Security information and event management (SIEM) software takes this a step further, applying new threat intelligence to historical events to see if any systems were previously affected, and applying appropriate countermeasures. The scale of these actions is beyond the capacity of even the largest, most experienced security team to complete manually in a reasonable timeframe.

Security automation is more sanitary, ensuring that infections are truly eradicated. If an attack does get through the defenses, manual cleanup is more likely to miss something than an automated process. Where an automatic dishwasher performs the same task on all the items in it, an automated cleaning process works through every registry change, file artifact, and malicious process on each machine, ensuring that the work is consistent throughout the network.

Security automation can process more, ensuring that attacks are dealt with quickly and potential compromises contained. The volume of alerts is too much for humans to process manually -- and the pattern recognition and correlation required to identify anomalous behavior is too broad for humans to work with -- but machines are perfectly suited to these activities. Combining machine processing with human judgment produces a more powerful combination than either alone.

Security automation is less prone to human error. When humans do tedious and repetitive tasks, they become increasingly likely to skip steps, miss indicators, or simply make mistakes. For example, checking and repairing or replacing registry keys -- which can be many levels deep and have similar names and similar complex numerical values -- is not only tedious to do manually, but a mistake can result in an unusable system and create even more work to restore it to a functional state.

If your security tools are not integrated and automated, you have multiple tools, notes, files, and logs that you need to analyze and stitch together, often by cutting and pasting among apps. Integration, automation, and workflow orchestration bring these tasks together so that dirty dishes go in, and clean, dry dishes come out. 

Every business is a cybersecurity business, and it is time to replace repetitive high-value but lower-skill security tasks with automation. If you are still not automated, you are washing dishes by hand. Get ahead of the curve, reduce risk, and make your security team an efficient and effective unit, with no more dishpan hands.

Josh Thurston is a security strategist in the Intel Security Office of the CTO.  In this role, Thurston drives business growth and defines the Intel Security go-to-market strategy for the Americas, creating and communicating innovative solutions for today's complex ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
LeviB623
50%
50%
LeviB623,
User Rank: Apprentice
12/15/2016 | 6:33:02 AM
mysql security
This is a nice blog for mysql security, but Data sunrise provides more data security from accessing for unwanted users. And easily restore your encrypted data. Visit Here:- https://www.datasunrise.com/products/
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8939
PUBLISHED: 2019-02-19
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.
CVE-2019-8935
PUBLISHED: 2019-02-19
Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.
CVE-2019-3812
PUBLISHED: 2019-02-19
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
CVE-2019-8933
PUBLISHED: 2019-02-19
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on ...
CVE-2019-7629
PUBLISHED: 2019-02-18
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.