Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
12/14/2016
03:07 PM
Josh Thurston
Josh Thurston
Partner Perspectives
50%
50%

Its Time For Organizations To Automate Security

Security automation makes more efficient use of scarce security resources, freeing them up for more proactive tasks.

Dishwashers are a great invention; they use automation to do a repetitive, high-value task that does not require much skill. It is time to bring your security team out of the 1970s and stop making them wash the cybersecurity dishes by hand.

The addition of automation to washing dishes has several benefits, besides eliminating the boring task of dishwashing and creating dishpan hands. Dishwashers make more efficient use of time, water, and soap, and they dry dishes sanitarily without towels. They process and remove excess waste and reduce the incidence of broken plates and glasses caused by human error. And they reduce clutter and keep the counter and sink clear for more important items. Most of us wouldn't own a home without a dishwasher, and we certainly wouldn't run a restaurant or other food business without one.

Every cyberattack gets your systems dirty, and manually cleaning up after an infection or a breach takes a long time. Employees need to research the malware to find out how to properly clean it, then scour every system for traces of files, registry entries, and other malware artifacts. This is not only time consuming, but prone to human error and omission, leaving your organization open to reinfection. Here are some of the advantages of automating your organization’s security processes:

Security automation makes more efficient use of scarce resources, freeing them up for more proactive tasks. Existing threat defenses are already doing this, automatically and continuously watching for known attacks and blocking them before they get inside. Building on this, advanced threat defenses dynamically watch for anomalous behavior and act quickly to contain unknown threats from inflicting serious harm. Security information and event management (SIEM) software takes this a step further, applying new threat intelligence to historical events to see if any systems were previously affected, and applying appropriate countermeasures. The scale of these actions is beyond the capacity of even the largest, most experienced security team to complete manually in a reasonable timeframe.

Security automation is more sanitary, ensuring that infections are truly eradicated. If an attack does get through the defenses, manual cleanup is more likely to miss something than an automated process. Where an automatic dishwasher performs the same task on all the items in it, an automated cleaning process works through every registry change, file artifact, and malicious process on each machine, ensuring that the work is consistent throughout the network.

Security automation can process more, ensuring that attacks are dealt with quickly and potential compromises contained. The volume of alerts is too much for humans to process manually -- and the pattern recognition and correlation required to identify anomalous behavior is too broad for humans to work with -- but machines are perfectly suited to these activities. Combining machine processing with human judgment produces a more powerful combination than either alone.

Security automation is less prone to human error. When humans do tedious and repetitive tasks, they become increasingly likely to skip steps, miss indicators, or simply make mistakes. For example, checking and repairing or replacing registry keys -- which can be many levels deep and have similar names and similar complex numerical values -- is not only tedious to do manually, but a mistake can result in an unusable system and create even more work to restore it to a functional state.

If your security tools are not integrated and automated, you have multiple tools, notes, files, and logs that you need to analyze and stitch together, often by cutting and pasting among apps. Integration, automation, and workflow orchestration bring these tasks together so that dirty dishes go in, and clean, dry dishes come out. 

Every business is a cybersecurity business, and it is time to replace repetitive high-value but lower-skill security tasks with automation. If you are still not automated, you are washing dishes by hand. Get ahead of the curve, reduce risk, and make your security team an efficient and effective unit, with no more dishpan hands.

Josh Thurston is a security strategist in the Intel Security Office of the CTO.  In this role, Thurston drives business growth and defines the Intel Security go-to-market strategy for the Americas, creating and communicating innovative solutions for today's complex ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
LeviB623
50%
50%
LeviB623,
User Rank: Apprentice
12/15/2016 | 6:33:02 AM
mysql security
This is a nice blog for mysql security, but Data sunrise provides more data security from accessing for unwanted users. And easily restore your encrypted data. Visit Here:- https://www.datasunrise.com/products/
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13295
PUBLISHED: 2020-08-10
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
CVE-2020-6070
PUBLISHED: 2020-08-10
An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerabilit...
CVE-2020-6145
PUBLISHED: 2020-08-10
An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-8224
PUBLISHED: 2020-08-10
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
CVE-2020-8229
PUBLISHED: 2020-08-10
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.