The rise in automation has shown value for businesses across many industries and functions within them, and IT security is following a similar trajectory. Many security management tools, such as next-generation firewalls, cloud-based services and SIEM (Security Information and Event Management) platforms, have evolved to incorporate automation capabilities to address the problem of relying on manual processes to deal with automated cyber threats. With an increasing number of new attack vectors and cyber threats, automation is rising up the priority list for organisations. IBM's 2019 Cost of a Data Breach report has shown that the average total cost of a data breach is 95% higher in organisations without security automation deployed.
Point-in-time or annual testing approaches are fast becoming insufficient to keep pace with the fast-changing business models being introduced, such as Zero Trust, SASE (Secure Access Service Edge) and SaaS (Software as a Service). It is a great deal to ask of a security expert to manually review thousands of alerts efficiently. The longer it takes to detect malware in your organisation, the higher the likelihood that it will lead to additional assets being compromised.
An air of caution is necessary: automation can lead to more risks if implemented incorrectly, as there is no one-size-fits-all approach. As automation becomes more of a necessity, there are vast capabilities for integration, from threat detection and deception techniques to vulnerability assessment and privileged access management. Automation can be incorporated into Security Operations Centres (SOCs) through the workflow of daily tasks, the analysis of security incidents and responding to threats before any exfiltration of data. Additionally, it is incorporated into SOAR (Security Orchestration, Automation and Response) to automate and enforce swift remediation, initially for simple, repeatable tasks; businesses can then look to establish more sophisticated response actions. What is the best way for security automation to be implemented across your infrastructure?
Gartner have developed a strategic approach, CARTA, to redefine the way cybersecurity risks are addressed in this evolving environment. CARTA stands for "Continuous Adaptive Risk and Trust Assessment", and it shifts the risk management process away from a single allow/deny gate towards a more agile, adaptive approach in which trust is reassessed continuously. To adopt the CARTA approach, Gartner recommends using analytics, AI, automation and orchestration to speed up the time to detect and respond, and to deliver scaled services with limited human resources.
As security analysts are overwhelmed with false positive alerts, it is important to identify meaningful indicators of risk. Data must be analysed using multiple analytical approaches, including the use of behavioural signatures, pattern matching, neural networks, machine learning (supervised and unsupervised), deep learning and/or similarity analysis. Techniques like signatures require less computing power, while techniques like machine learning take longer and require historical datasets to work against. It is crucial to implement techniques that work with the existing infrastructure to protect the business assets. The security principle of defence in depth should be extended to analytics in depth. As with most things, a blended approach provides the opportunity to address the maximum area of targeted risk. To learn more about automated security services such as automated pen testing or breach and attack simulation software, please refer to the Reply research paper on the emergence of Automated Security Testing services.
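The following is an added illustration, not code from Gartner, Reply or any product, of the two ideas above: "analytics in depth" (a cheap signature check, an unsupervised baseline and a behavioural heuristic blended into one risk score) feeding a CARTA-style graded decision rather than a single allow/deny gate. The user histories, the indicator list (TEST-NET addresses), the weights and the thresholds are all constructed assumptions chosen for the example.

```python
"""CARTA-style adaptive access decision built from blended analytics (added example)."""
from statistics import mean, pstdev

# Constructed sample data: bytes transferred in each user's previous sessions.
HISTORY = {
    "alice": [120, 135, 110, 150, 128, 140],
    "bob": [900, 1100, 950, 1050, 1000, 980],
}
# Constructed indicator list standing in for a threat-intelligence feed (TEST-NET-1 addresses).
BAD_SOURCES = {"192.0.2.10", "192.0.2.11"}
BUSINESS_HOURS = range(8, 19)  # 08:00-18:59, an assumed working pattern

def signature_score(event):
    """Cheap exact-match check: a known-bad source address is strong but not conclusive evidence."""
    return 50 if event["src"] in BAD_SOURCES else 0

def anomaly_score(event, history):
    """Unsupervised baseline: distance (in standard deviations) from the user's own session volume."""
    past = history.get(event["user"], [])
    if len(past) < 5:
        return 10  # too little history for a baseline: a small uncertainty penalty, not a verdict
    z = abs(event["bytes"] - mean(past)) / (pstdev(past) or 1.0)
    return 40 if z > 3 else 20 if z > 2 else 0

def context_score(event):
    """Behavioural heuristic: access outside business hours raises risk slightly on its own."""
    return 20 if event["hour"] not in BUSINESS_HOURS else 0

def assess(event, history=HISTORY):
    """Blend the three analytics into a 0-100 risk score and map it onto a graded decision.
    The middle band triggers a step-up (e.g. MFA or a restricted session) instead of a hard
    allow/deny, so trust is adjusted continuously as evidence accumulates."""
    score = min(100, signature_score(event) + anomaly_score(event, history) + context_score(event))
    if score >= 70:
        return score, "deny"
    if score >= 30:
        return score, "step-up"
    return score, "allow"

if __name__ == "__main__":
    for ev in (
        {"user": "alice", "src": "198.51.100.5", "bytes": 130, "hour": 10},
        {"user": "alice", "src": "198.51.100.5", "bytes": 5000, "hour": 3},
        {"user": "bob", "src": "192.0.2.10", "bytes": 1000, "hour": 23},
    ):
        print(ev["user"], assess(ev))
```

Note that a single indicator (a listed source, or an unusual volume on its own) only reaches the step-up band; it is the combination of signals that crosses into deny, which is the point of blending analytics rather than relying on one.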
The use of analytical tools and services is expected to reduce the time to detect risk. There are many approaches companies can take when identifying, categorising and mitigating potential threats and vulnerabilities within their environments. Different vendors approach this new challenge in different ways, focusing on attack surface discovery, continuous vulnerability assessment and remediation, or threat intelligence. Overall, one of the key aspects is to scale up and assess continuously by leveraging automation, especially with artificial intelligence/machine learning, to be more productive and work more efficiently.
If you would like more information on how Net Reply can help you secure your automated processes, please get in contact with who will be happy to help.