Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

4/18/2019
03:55 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

The Cybersecurity Automation Paradox

Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.

Cybersecurity organizations face a chicken-and-egg conundrum when it comes to automation and the security skills gap. Automated systems stand to reduce many of the burdens weighing on understaffed security teams that struggle to recruit enough skilled workers. But at the same time, security teams find that a lack of automation expertise keeps them from getting the most out of cybersecurity automation. 

A new study out this week from Ponemon Institute on behalf of DomainTools shows that most organizations today are placing bets on security automation. Approximately 79% of respondents either use automation currently or plan to do so in the near-term future.

For many, automation investments are justified to management as a way to beat back the effects of the cybersecurity skills gap that some industry pundits say has created a 3 million person shortfall in the industry. Close to half of the respondents to Ponemon's study report that the inability to properly staff skilled security personnel has increased their organizations' investments in cybersecurity automation. 

Nevertheless, the fact remains that automation isn't magical. It takes boots on the ground to roll out cybersecurity automation and true expertise at the helm of these tools to reap significant security benefits from them over the long haul. Ponemon's study shows that 56% of organizations report a lack of in-house expertise is one of the biggest challenges impeding adoption of security automation. In fact, it was the No. 1 obstacle, named more frequently than legacy IT challenges, lack of budget, and interoperability issues.  

Sentiments are relatively evenly split between those who think automation will cause a net increase, net decrease, or have no effect on headcount over time. However, those who think it'll mean hiring more staff still have the plurality on that count — 40% of respondents say they'll need to hire more people to support security automation.

In another report released by SANS Institute on security automation, SANS analyst Barbara Filkins warns that organizations must fight the misconception that automation is easy or quick to implement.

"Automation takes a tremendous amount of effort to arrive at the point where it makes things look easy," Filkins writes. "Don't underestimate the resources needed to define the processes — in the light of more effective tools — and close the semantic gaps in the data gathered."

That study shows while automation is on the uptick at most organizations, only a scant 5.1% are at a high level of maturity with extensive automation of key security processes. 

Part of the difficulty in assessing or measuring the level of automation maturity and its effect on the security industry is that experiences vary wildly. A huge chasm between the haves and have-nots of cybersecurity automation currently exists in the industry, explains Gartner's Anton Chuvakin. On one end, he says, there are plenty of organizations that don't even have the resources to run security automation, let alone effectively operationalize it.

"They do not have the people to install a tool and to keep it running. I've met people who say they don't have time to install and configure a basic log management tool," Chuvakin writes. "On the other edge of the chasm, we have organizations with resources to WRITE tools superior to many/most commercial tools." 

This chasm may impact the staffing equation to some degree, as more than likely it will precipitate the creation of more quality service providers to fill the gap in expertise for those organizations that simply do not have the staff to add more layers of complicated automation tools. 

Related Content:

  

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/22/2019 | 8:45:46 AM
Three points
Automation works great on detection and remediation.  We have to move FAST and infections move FASTER than the human hand.  I have pointed this out to my Malware department and remember well when Cryptolocker wiped out a small 501C3 I supported in 2014 - arrived 1;45 AM and bounced to server.  I had offsite backup and restored 90% of everything in 3 hours or less.  I planned well and tested well.  That said, infection moves fast and automation is just as fast.  The rub is in evaluation of threat - can automation catch all false positives?  Over time, more yes than no but even so a human mind can touch facts and suppositions that a system cannot or ever do.  A dentist once told me that robotic surgery may be fine BUT it lacks the ability to finger touch into a body and then evaluate what it just touched.  Maybe in 20 years but not now.  Like Norad, human decision has to be in the loop.  Otherwise we would lack the famous Russian in their silo who did NOT launch the warheads some years  back and saved the world.  

Remember what Spock said to Kirk about V'Ger - it lacked the ability for a simple human hand-to-hand grasp.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8904
PUBLISHED: 2020-08-12
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (en...
CVE-2020-8905
PUBLISHED: 2020-08-12
A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of ...
CVE-2020-12106
PUBLISHED: 2020-08-12
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point.
CVE-2020-12107
PUBLISHED: 2020-08-12
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allow full control over this module's Operating System.
CVE-2020-7374
PUBLISHED: 2020-08-12
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user ...