Partner Perspectives  Connecting marketers to our tech communities.
12/14/2016
03:07 PM
Josh Thurston
Josh Thurston
Partner Perspectives
50%
50%

Its Time For Organizations To Automate Security

Security automation makes more efficient use of scarce security resources, freeing them up for more proactive tasks.

Dishwashers are a great invention; they use automation to do a repetitive, high-value task that does not require much skill. It is time to bring your security team out of the 1970s and stop making them wash the cybersecurity dishes by hand.

The addition of automation to washing dishes has several benefits, besides eliminating the boring task of dishwashing and creating dishpan hands. Dishwashers make more efficient use of time, water, and soap, and they dry dishes sanitarily without towels. They process and remove excess waste and reduce the incidence of broken plates and glasses caused by human error. And they reduce clutter and keep the counter and sink clear for more important items. Most of us wouldn't own a home without a dishwasher, and we certainly wouldn't run a restaurant or other food business without one.

Every cyberattack gets your systems dirty, and manually cleaning up after an infection or a breach takes a long time. Employees need to research the malware to find out how to properly clean it, then scour every system for traces of files, registry entries, and other malware artifacts. This is not only time consuming, but prone to human error and omission, leaving your organization open to reinfection. Here are some of the advantages of automating your organization’s security processes:

Security automation makes more efficient use of scarce resources, freeing them up for more proactive tasks. Existing threat defenses are already doing this, automatically and continuously watching for known attacks and blocking them before they get inside. Building on this, advanced threat defenses dynamically watch for anomalous behavior and act quickly to contain unknown threats from inflicting serious harm. Security information and event management (SIEM) software takes this a step further, applying new threat intelligence to historical events to see if any systems were previously affected, and applying appropriate countermeasures. The scale of these actions is beyond the capacity of even the largest, most experienced security team to complete manually in a reasonable timeframe.

Security automation is more sanitary, ensuring that infections are truly eradicated. If an attack does get through the defenses, manual cleanup is more likely to miss something than an automated process. Where an automatic dishwasher performs the same task on all the items in it, an automated cleaning process works through every registry change, file artifact, and malicious process on each machine, ensuring that the work is consistent throughout the network.

Security automation can process more, ensuring that attacks are dealt with quickly and potential compromises contained. The volume of alerts is too much for humans to process manually -- and the pattern recognition and correlation required to identify anomalous behavior is too broad for humans to work with -- but machines are perfectly suited to these activities. Combining machine processing with human judgment produces a more powerful combination than either alone.

Security automation is less prone to human error. When humans do tedious and repetitive tasks, they become increasingly likely to skip steps, miss indicators, or simply make mistakes. For example, checking and repairing or replacing registry keys -- which can be many levels deep and have similar names and similar complex numerical values -- is not only tedious to do manually, but a mistake can result in an unusable system and create even more work to restore it to a functional state.

If your security tools are not integrated and automated, you have multiple tools, notes, files, and logs that you need to analyze and stitch together, often by cutting and pasting among apps. Integration, automation, and workflow orchestration bring these tasks together so that dirty dishes go in, and clean, dry dishes come out. 

Every business is a cybersecurity business, and it is time to replace repetitive high-value but lower-skill security tasks with automation. If you are still not automated, you are washing dishes by hand. Get ahead of the curve, reduce risk, and make your security team an efficient and effective unit, with no more dishpan hands.

Josh Thurston is a security strategist in the Intel Security Office of the CTO.  In this role, Thurston drives business growth and defines the Intel Security go-to-market strategy for the Americas, creating and communicating innovative solutions for today's complex ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
LeviB623
50%
50%
LeviB623,
User Rank: Apprentice
12/15/2016 | 6:33:02 AM
mysql security
This is a nice blog for mysql security, but Data sunrise provides more data security from accessing for unwanted users. And easily restore your encrypted data. Visit Here:- https://www.datasunrise.com/products/
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3961
PUBLISHED: 2018-05-25
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.
CVE-2018-11468
PUBLISHED: 2018-05-25
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
CVE-2018-6664
PUBLISHED: 2018-05-25
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.
CVE-2018-6674
PUBLISHED: 2018-05-25
Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands.
CVE-2018-1133
PUBLISHED: 2018-05-25
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.