By Amit Nath
Driven by technological advancements and innovation, the blitzkrieg speed with which adversaries are currently exploiting complex IT networks and systems is much faster than defenders can protect them. This naturally results in the theft of business relevant mission critical information and intellectual property. The compromise of sensitive data, distributed denial-of-service (DDoS) attacks and, in the worst case scenario, significant disruption or collapse of critical infrastructures are some of the issues that are relentlessly rearing their ugly heads these days.
The automation of security, including patch management, invasion detection and various forms of continuous supervision, has become a prerequisite of cyber security tools and practices over the last couple of years.
We are all well aware about the inherent benefits of automating system configurations to avoid human error. Interestingly, 95 percent of all security incidents involve human error, according to IBM's
2014 Cyber Security Intelligence Index. This year itself, enterprises will spend $8 billion on cyber security, but these initiatives are often redundant in preventing an engineer from misconfiguring a firewall or forgetting to patch a security vulnerability on a new server. Manual work is a risk, and manual security work is a disaster waiting to happen. Here is where automation comes into play. Automation is the best way to negate and minimize incidences of human errors and therefore incidences of attacks.
The ‘Internet of Things’ is upping the ante for solutions that can detect and alleviate cyber risks in real-time. Conventional products such as antivirus, while still important for restricting certain classes of threat, are increasingly unsuitable to ward off advanced attacks without assistance from network security monitoring tools and other modern solutions. As a corollary, complete automation is the logical next step as far as cyber security is concerned. Security automation enables businesses to identify and mitigate vulnerabilities before they become active threats. Such a process will help in reducing the response time for cyber incidents as well. Machine tools that can automatically detect and kill threats will be the order of the day, real soon.
The numbers speak for itself. Last year there were 781 publicized cyber security ruptures which resulted in more than 169 million personal records being leaked – a number that’s steadily on the rise year over year. However, surprisingly only 38% of organizations across the globe can confidently say they are prepared to handle a sophisticated cyber-attack through conventional protocols, tools and methods.
The hard fact is - cyber criminals are becoming smarter by the day and their attacks are increasingly faster than companies can keep up with. Gone are the days when traditional methods, like anti-malware software, were suitable to keep sensitive data safe. To address this pressing concern, many forward-thinking IT executives are fortifying their cyber security strategy using automation as a pivotal tool.
The most striking aspect is that, most of these attacks including the advanced persistent threats are not carried out by humans but by automated bots – droves and droves of them. IT experts are no match to stall such intensive, sustained attacks and no amount of human intervention can mitigate such kinds of attacks in real time. This is primarily why automation is becoming such a powerful and effective component of cyber security incident response. To firefight the assault of incoming threats, organizations must employ an army of equivalent strength and sophistication. Basically, its good bots pitted against bad bots.
However, many companies are still apprehensive about incorporating automation into cyber security. Some of the concerns are as follows:
Humans will lose control: It is a misconception – only a perceived loss of control rather than an actual loss of control. The right automation infrastructure can actually provide a greater level of visibility, transparency and enhanced oversight and control into the entire cyber security strategy and process.
Trusting machines blindly: An ace security expert might feel that he can address an attack more efficiently than a machine can but it is far from the truth! Distrust in technology can be an incredibly big hurdle to overcome, but ultimately – given the shift in type, frequency and complexity of attacks – it’s a futile argument.
Many have the ‘Terminator Syndrome’. They are apprehensive of the fact that automation will render people jobless and the security workforce of the future will comprise of bots doing what humans do today and many other additional things as well. The fact that remain is, while automation is certainly changing the way people work, its creating just about as many opportunities as it is eliminating them.
Let us examine some instrumental role that automation can play in the sphere of cyber security
Automation guarantees strengths that match the oncoming cyber-attack which human intervention cannot often testify. Automation provides the ability to match incoming attacks stride for stride, affording the greatest level of protection possible.
Automation helps in streamlining workflows and creating a much more uniform and efficient environment. So, not only does the organization become stronger in terms of security, but it also becomes more cost-effective across the board.
Humans make errors. We all know the popular adage ‘to err is human!’ Many cyber security breaches happen due to carelessness and mistakes committed by skilled human workforce and/or individuals! Automation eliminates this problem by removing the human element from some or all of the cyber process.
Automation helps in astute decision making. Making critical business decisions on the fly is needed in this highly competitive business environment. Automation helps in gathering, analyzing and prioritizing crucial data at the click of a button, further enhancing the threat detection and incident management process.
Globally, the cyber-attacks could cost businesses anywhere between $38,000 and $400 billion annually today. This itself explains as to why cyber security has gained paramount importance across the world. Businesses should consistently conduct audits at regular intervals if it wants to prevent itself from becoming the next victim.
All said and done, it would not be wrong to imply that automation is emerging as the ideal tool for streamlining and strengthening the threat incident response process and creating a better line of defense that will stand the test of time and time itself will stand testimony to this core fact.
The author is Head of Asia Pacific (Corporate Business) India & SAARC – F-Secure