Recorded Future - Why Security Teams Need to Embrace Automation

Fiction envisions a world taken over by autonomous machines — self-building, self-aware robots that are near perfect as they fight humankind. We marvel at their ability to operate and replicate.

In reality, automation saves time, money, and even lives. As an example, WannaCry, a ransomware variant, was responsible for a cyberattack costing an estimated $4-8 billion. However, it was preventable with a software update that was released eight months prior. Yet, 66% of businesses can’t or won’t rely on automated patching.

The adoption of automation has its challenges — but intelligence-led security can be challenging, too. The term “intelligence,” on one hand, brings images of James Bond and a powerful capability that delivers a crystal ball-like understanding. On the other hand, intelligence more abstractly reports Google’s DNS (8.8.8.8) as a malicious indicator of compromise (IOC).

Intelligence, like automation, is not a capability that can be picked off the shelf, plugged in, and instantaneously valuable. Both have their own unique challenges, but once those are overcome, both can deliver substantial value.

Resistance To Adopting Security Automation and Orchestration

Automation revolutionized the car manufacturing industry decades ago, because it is ideally suited to replace manual repetitive tasks. Today, other sectors too are adopting the use of automation, such as construction. Brick laying is a perfect example. A robot named SAM can now lay bricks 500 times faster than a human can. This will drive down cost and reduce delivery times with little human involvement. It is easy to see why automation is an aspiration for many. But if automation is so valuable, why is it not used everywhere?

The initial costs associated with automation can be substantial, such as developing the mechanisms and defining the problem. Regarding the initial generations of automation, each step within the solution must be documented, with no room for deviation. Automation can be inflexible and not always fit for purpose, especially in sectors with constantly moving goalposts.

Security professionals defending businesses from cybercriminals are involved in an ever-developing cat and mouse game. Security analysts must adapt to new and alternative attacks. Analysts must analyze, hypothesize, and distribute their respective intelligence products — all while being flexible and adaptive.

It is clear that humans will be required to analyze information and make valued assessments that help safeguard businesses from cyberattacks. But it is humans that cost substantial time and money by undertaking laborious tasks. While one of the objectives of intelligence is timeliness, intelligence teams struggle to provide valuable intelligence within a timely manner.

To source information and collate, process, analyze, and distribute it requires a substantial number of repetitive tasks — tasks that are ideal for automation. But that means humans must thoroughly define the steps within each task. That is something a mature intelligence cell should be able to produce. There are, however, aspects of the intelligence lifecycle that require constant alterations, adaptation to the millions of variables, and creation of new solutions to new unknowns. Humans are ideally suited to adaption and altering from a set course. Even with artificial intelligence (AI), we’re years away from AI machines fully replacing humans (if at all) in all aspects of the intelligence lifecycle.

Accelerate Repeatable Tasks With Security Automation (and Empower Analysts to Do What They Do Best)

Automation and intelligence production are well documented and valuable capabilities. We can leverage these existing best practices to support the adoption of automated intelligence while empowering people to be creative and adaptable — in short, a complementary partnership.

Automation:

  • Should belong to long-term planning and take on repeatable tasks for an extended period
  • Should avoid the Rube Goldberg effect and be kept as simple and direct as possible while adopting or defining an automated solution
  • Is not fit for every scenario

Intelligence:

  • Needs to be limited to reduce the risk of drowning in data — especially when utilizing automation that can quickly overwhelm a team
  • Should be integrated across functions and systems where possible — breaking down the tasks used to produce intelligence; Application programming interface (API) technology makes integration substantially easier, with frameworks such as STIX and TLP to assist information flows

Automation and intelligence have their own unique challenges, but together they can be used to overcome various problems while providing additional value. For many, the future goal is to automate as much as possible, yet organizations may be reluctant to proceed until a mature intelligence capability is achieved. However, this shouldn’t be the strategy going forward. By utilizing automation, difficulties can be overcome to move toward a mature intelligence service.

Explore Security Automation Further

To learn more about how you can improve security efficiencies at your organization by embracing automation, download our complimentary e-book, “Beyond SOAR: 5 Ways to Automate Security With Intelligence.”

The post Why Security Teams Need to Embrace Automation appeared first on Recorded Future.



from Recorded Future https://www.recordedfuture.com/security-automation-benefits/

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more