Information security is
threatened from multiple angles. Threats
have grown more sophisticated, digital infrastructures more complex, data more
voluminous, and security talent increasingly scarce. The pace and volume make
it impossible for IT groups to keep up. Automating tasks is an obvious solution
to these challenges, but there are deeply ingrained concerns that automation
will make matters worse, taking down essential service elements, quarantining senior
executives, or otherwise disrupting critical business processes.

Cybersecurity in a world without automation

The number of threats in cyberspace today is
almost beyond human comprehension. Our threat intelligence service responds to
48 billion queries every day and has 600 million samples in the database. Within
the next few years, there will be 30 billion IoT devices, 3 billion smartphone
users, and 450 billion Internet-based business transactions per day. It is
little wonder that the magnitude of data and alerts is overwhelming even the
most experienced and efficient human security professionals. Without the scale
that automation enables, the future of cybersecurity looks grim.

Do you have automataphobia?

Despite spending millions of dollars on
security tools and teams, organizations continue to get breached. Our research
indicates three probable drivers behind this conundrum: poor digital hygiene,
undeployed security tools, and isolated security processes.

Digital hygiene refers to foundational
activities, like keeping patches up to date, testing updates, and validating signatures.
With most attacks coming out within a few hours of a vulnerability disclosure, lengthy
update approvals and manual patch processes leave organizations at risk. Cloud
and SaaS operations have proven that automated patch testing and deployment works
well with minimal downside risk. The human capacity gained from automating
basic tasks can be redeployed on more critical security activity such as threat
hunting or incident response.

Buying security tools and not deploying
them is usually related to lack of resources. External security consultants are
a logical path to solving this problem if your team doesn’t have the necessary
time or expertise. Another option is to use the time saved by automating
mundane tasks to deploy the shelved security tools.

Finally, many attacks are successful
because they find gaps ripe for exploitation between security products. Manual or no
integration between security products allows suspicious activity to dwell
unnoticed. If an attack is identified and blocked, all entry points should be instantly
informed. If a compromised device is detected, security products should
automatically scan all other devices for evidence of similar compromise, and
quarantine affected systems. Allowing machines to make these decisions, based
on policy set by the security team, accelerates time to detection and
remediation without incurring material risk of unintended IT consequences.

Human-machine teaming is the path forward

Automation has long played a minor role in
the security process. IT environmental complexity, attack velocity, and talent
scarcity are moving it from an optional to a mandatory element of sound cybersecurity
practice. Combining human strategic intellect with more reliance on the
analytic strength of machines delivers superior security outcomes.

Machines collect and analyze large
quantities of complex data, sifting through massive datasets to find patterns and
anomalies while they are still fresh in the environment. This moves data
analysis from a backward-looking, forensic activity to an active pursuit. With
appropriate training, machines can collate and prioritize alerts for human
investigation, while instantly acting on those that fall within defined policy
parameters.

Humans are able to take information that
machines put forward and apply strategic intellect. They understand the context
of multiple pieces of data threaded together and are much better at deciphering
the subtle clues that unearth an attack. For example, Operation
Sharpshooter attacks start as realistic-looking job recruitment messages,
followed by links to download a malicious document. When the machine flags the
malicious document or the anomalous behavior caused by the embedded macro, humans
can follow the communications trail to the broader campaign and take steps to
inform and protect the organization from these social-engineering attacks.

With the human and machine acting together,
repetitive tasks are automated, humans have more capacity to apply their
essential skills, and the machines continually learn and improve their
capabilities. When you combine this with an architecture built to facilitate
rapid and active sharing of threat intelligence, you create an advantage for
those trying to secure their cyber assets versus those trying to exploit cyber
assets.

Conclusion

The need for speed in cybersecurity makes
automation mandatory. By
automating tasks that play to the engineered ability of machines, we accelerate
the time to detection and correction of attacks. Humans are then able to focus
on the trickiest investigations and tasks that leverage their cognitive
abilities. Together they mitigate the risk of overlooking critical cyber
incident clues needed to avoid or recover from potentially catastrophic
attacks.

If the security industry delivers on this human-machine teaming vision, we can harness the power of machines and humans to further the cybersecurity cause and secure the digital assets most important to consumers and organizations alike.

Candace Worley, Vice President and Chief Technical Strategist, McAfee