Automation can cut costs, streamline connectivity and allow IT staff to spend their time on more exciting work rather than menial tasks. Sounds like a good thing, right? While automation delivers many benefits to the enterprise, there are dangers to mindlessly automating every business function, especially when it comes to security.
Some security functions require nuanced decision-making that machines can’t determine on their own, and in these cases, a blanket automation policy would cause more harm than good. Believe it or not, there are still security functions that require human intervention for effective detection and enforcement.
To help enterprises get the most of automation from a security perspective (and not break anything!), I’ve compiled the top security functions to automate today and what not to (yet).
Automate it today:
• Threat sharing: When the network is attacked, you need to know about it immediately – period. Relying on human threat monitoring is an antiquated and inefficient method to protect against attacks. As many organizations face a barrage of attacks on a regular basis, threat sharing is one of the simplest areas to automate to ensure security teams are immediately notified about threats so they can act as quickly as possible.
• Security updates: Automatically pushing security updates to protect against known vulnerabilities, especially ones that are rated at critical or high severity levels, is a straightforward operation that you should immediately automate. By automating production testing and being agile in updating systems, organizations reduce the response time to react to known threats and vulnerabilities. Automatically testing updates triggered by their availability is key. Testing systems need to be automated to the point where they become self-learning, automatically triggered, verified updated and incorporated or rolled back for the next set of testing. Focusing on developing agile testing and update systems can help stop Common Vulnerabilities and Exposures (CVEs) from becoming one of the most commonly exploited ways that compromise consumers and businesses alike.
Security functions that still need humans:
• Policy decisions: While automating policy delivery is a key step towards securing the network, knowing when to push the policies requires a level of nuance that a machine can’t determine on its own. It’s crucial to set policies upfront so when a threat hits, a security official can determine the risk level and push out the automated security functions at the correct time. For example, most patches can be pushed during the off-hours so daily business isn’t disrupted. However, if the caliber of the threat is high enough, you may need to intervene to push an immediate patch – only a human would be able to execute on that level of decision-making.
• Threat Modeling: While there are several tools that can help companies effectively threat model a new product or new corporate environment, it requires thoughtful analysis. Understanding, what is being deployed and the potential attack vectors requires critical thought by someone with knowledge of the application being secured.
It goes without saying that there is no “one size fits all” approach to security. On the one hand, there are security functions like threat monitoring where it would be negligent to rely only on humans, whereas other functions like policy decisions could wreak havoc on environments if left to machines.
Striking a balance between the two will ensure enterprises get the most out of automating effective security for their organizations.
Tags: