Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
12/14/2016
03:07 PM
Josh Thurston
Josh Thurston
Partner Perspectives
50%
50%

Its Time For Organizations To Automate Security

Security automation makes more efficient use of scarce security resources, freeing them up for more proactive tasks.

Dishwashers are a great invention; they use automation to do a repetitive, high-value task that does not require much skill. It is time to bring your security team out of the 1970s and stop making them wash the cybersecurity dishes by hand.

The addition of automation to washing dishes has several benefits, besides eliminating the boring task of dishwashing and creating dishpan hands. Dishwashers make more efficient use of time, water, and soap, and they dry dishes sanitarily without towels. They process and remove excess waste and reduce the incidence of broken plates and glasses caused by human error. And they reduce clutter and keep the counter and sink clear for more important items. Most of us wouldn't own a home without a dishwasher, and we certainly wouldn't run a restaurant or other food business without one.

Every cyberattack gets your systems dirty, and manually cleaning up after an infection or a breach takes a long time. Employees need to research the malware to find out how to properly clean it, then scour every system for traces of files, registry entries, and other malware artifacts. This is not only time consuming, but prone to human error and omission, leaving your organization open to reinfection. Here are some of the advantages of automating your organization’s security processes:

Security automation makes more efficient use of scarce resources, freeing them up for more proactive tasks. Existing threat defenses are already doing this, automatically and continuously watching for known attacks and blocking them before they get inside. Building on this, advanced threat defenses dynamically watch for anomalous behavior and act quickly to contain unknown threats from inflicting serious harm. Security information and event management (SIEM) software takes this a step further, applying new threat intelligence to historical events to see if any systems were previously affected, and applying appropriate countermeasures. The scale of these actions is beyond the capacity of even the largest, most experienced security team to complete manually in a reasonable timeframe.

Security automation is more sanitary, ensuring that infections are truly eradicated. If an attack does get through the defenses, manual cleanup is more likely to miss something than an automated process. Where an automatic dishwasher performs the same task on all the items in it, an automated cleaning process works through every registry change, file artifact, and malicious process on each machine, ensuring that the work is consistent throughout the network.

Security automation can process more, ensuring that attacks are dealt with quickly and potential compromises contained. The volume of alerts is too much for humans to process manually -- and the pattern recognition and correlation required to identify anomalous behavior is too broad for humans to work with -- but machines are perfectly suited to these activities. Combining machine processing with human judgment produces a more powerful combination than either alone.

Security automation is less prone to human error. When humans do tedious and repetitive tasks, they become increasingly likely to skip steps, miss indicators, or simply make mistakes. For example, checking and repairing or replacing registry keys -- which can be many levels deep and have similar names and similar complex numerical values -- is not only tedious to do manually, but a mistake can result in an unusable system and create even more work to restore it to a functional state.

If your security tools are not integrated and automated, you have multiple tools, notes, files, and logs that you need to analyze and stitch together, often by cutting and pasting among apps. Integration, automation, and workflow orchestration bring these tasks together so that dirty dishes go in, and clean, dry dishes come out. 

Every business is a cybersecurity business, and it is time to replace repetitive high-value but lower-skill security tasks with automation. If you are still not automated, you are washing dishes by hand. Get ahead of the curve, reduce risk, and make your security team an efficient and effective unit, with no more dishpan hands.

Josh Thurston is a security strategist in the Intel Security Office of the CTO.  In this role, Thurston drives business growth and defines the Intel Security go-to-market strategy for the Americas, creating and communicating innovative solutions for today's complex ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
LeviB623
50%
50%
LeviB623,
User Rank: Apprentice
12/15/2016 | 6:33:02 AM
mysql security
This is a nice blog for mysql security, but Data sunrise provides more data security from accessing for unwanted users. And easily restore your encrypted data. Visit Here:- https://www.datasunrise.com/products/
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
Microsoft Patches Windows Vuln Discovered by the NSA
Kelly Sheridan, Staff Editor, Dark Reading,  1/14/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14629
PUBLISHED: 2020-01-17
Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-17125
PUBLISHED: 2020-01-17
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.
CVE-2019-17127
PUBLISHED: 2020-01-17
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation.
CVE-2020-3940
PUBLISHED: 2020-01-17
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.
CVE-2020-6862
PUBLISHED: 2020-01-17
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.