Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
12/14/2016
03:07 PM
Josh Thurston
Josh Thurston
Partner Perspectives
50%
50%

Its Time For Organizations To Automate Security

Security automation makes more efficient use of scarce security resources, freeing them up for more proactive tasks.

Dishwashers are a great invention; they use automation to do a repetitive, high-value task that does not require much skill. It is time to bring your security team out of the 1970s and stop making them wash the cybersecurity dishes by hand.

The addition of automation to washing dishes has several benefits, besides eliminating the boring task of dishwashing and creating dishpan hands. Dishwashers make more efficient use of time, water, and soap, and they dry dishes sanitarily without towels. They process and remove excess waste and reduce the incidence of broken plates and glasses caused by human error. And they reduce clutter and keep the counter and sink clear for more important items. Most of us wouldn't own a home without a dishwasher, and we certainly wouldn't run a restaurant or other food business without one.

Every cyberattack gets your systems dirty, and manually cleaning up after an infection or a breach takes a long time. Employees need to research the malware to find out how to properly clean it, then scour every system for traces of files, registry entries, and other malware artifacts. This is not only time consuming, but prone to human error and omission, leaving your organization open to reinfection. Here are some of the advantages of automating your organization’s security processes:

Security automation makes more efficient use of scarce resources, freeing them up for more proactive tasks. Existing threat defenses are already doing this, automatically and continuously watching for known attacks and blocking them before they get inside. Building on this, advanced threat defenses dynamically watch for anomalous behavior and act quickly to contain unknown threats from inflicting serious harm. Security information and event management (SIEM) software takes this a step further, applying new threat intelligence to historical events to see if any systems were previously affected, and applying appropriate countermeasures. The scale of these actions is beyond the capacity of even the largest, most experienced security team to complete manually in a reasonable timeframe.

Security automation is more sanitary, ensuring that infections are truly eradicated. If an attack does get through the defenses, manual cleanup is more likely to miss something than an automated process. Where an automatic dishwasher performs the same task on all the items in it, an automated cleaning process works through every registry change, file artifact, and malicious process on each machine, ensuring that the work is consistent throughout the network.

Security automation can process more, ensuring that attacks are dealt with quickly and potential compromises contained. The volume of alerts is too much for humans to process manually -- and the pattern recognition and correlation required to identify anomalous behavior is too broad for humans to work with -- but machines are perfectly suited to these activities. Combining machine processing with human judgment produces a more powerful combination than either alone.

Security automation is less prone to human error. When humans do tedious and repetitive tasks, they become increasingly likely to skip steps, miss indicators, or simply make mistakes. For example, checking and repairing or replacing registry keys -- which can be many levels deep and have similar names and similar complex numerical values -- is not only tedious to do manually, but a mistake can result in an unusable system and create even more work to restore it to a functional state.

If your security tools are not integrated and automated, you have multiple tools, notes, files, and logs that you need to analyze and stitch together, often by cutting and pasting among apps. Integration, automation, and workflow orchestration bring these tasks together so that dirty dishes go in, and clean, dry dishes come out. 

Every business is a cybersecurity business, and it is time to replace repetitive high-value but lower-skill security tasks with automation. If you are still not automated, you are washing dishes by hand. Get ahead of the curve, reduce risk, and make your security team an efficient and effective unit, with no more dishpan hands.

Josh Thurston is a security strategist in the Intel Security Office of the CTO.  In this role, Thurston drives business growth and defines the Intel Security go-to-market strategy for the Americas, creating and communicating innovative solutions for today's complex ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
LeviB623
50%
50%
LeviB623,
User Rank: Apprentice
12/15/2016 | 6:33:02 AM
mysql security
This is a nice blog for mysql security, but Data sunrise provides more data security from accessing for unwanted users. And easily restore your encrypted data. Visit Here:- https://www.datasunrise.com/products/
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5423
PUBLISHED: 2020-12-02
CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.
CVE-2020-29454
PUBLISHED: 2020-12-02
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
CVE-2020-7199
PUBLISHED: 2020-12-02
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access,...
CVE-2020-14260
PUBLISHED: 2020-12-02
HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system.
CVE-2020-14305
PUBLISHED: 2020-12-02
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat ...