Automating Your Business


When is the Time & Place Right to Automate Cybersecurity Workflows?

By Andrej Kovacevic posted Wed May 12, 2021 02:28 PM

Considering that cybersecurity automation is such a hot topic, you'd be forgiven for thinking it was brand new. That's certainly how the tech industry pundits have positioned it. Surprising as it sounds, however, some form of security automation has been in place for a long time.

Technically, one of the earliest forms of cybersecurity automation was adding a command that scanned a machine's memory contents to a batch startup file, so that the scan ran on every boot without anyone having to remember it. While we've certainly come a long way since then, data protection is still based on the same principle: take the repetitive step out of human hands. Enterprise organizations and small businesses alike may be excited about the prospect of automating security processes, but it's important to keep in mind that not all tools, or even workflows, are created equal in this fast-moving section of the market.

Scalable Automation for Individual Use Cases

Too many IS department staffers have tried a one-size-fits-all approach to cybersecurity, which is why some tools have performed so poorly once they get out into the wild. It's not that the tools themselves are bad, but rather that they're not applied to the use case they were built for. Fortunately, it's not difficult to identify the right tool for each situation and deploy it.

Take, for example, someone who plans to automate their backups with IBM Spectrum Archive so that they can recover cleanly after a ransomware attack encrypts their primary storage. This popular approach is very effective and should be easily managed from a single dashboard. However, some IS experts might initially pass over it because they assume they can't use it without an existing tape library. On second glance, a full library is not required to get started: the product has a single-drive edition, and the installation can scale up as needs grow.

Others might instead deploy far too much protection, which puts obstacles in front of end users, who then begin to behave insecurely because they've been inconvenienced. A company that wanted to keep its terminals' web browsing private from the local network and the ISP would merely need to tunnel outbound traffic through a VPN service, which can likewise be automated from a single dashboard. (Note the limit of that control: a VPN hides traffic from observers between the terminal and the VPN endpoint; it does not make users anonymous to the sites they visit.) Anything more than this is likely overkill and could cause people to find ways around whatever automatic protections are in place.

Those who manage larger organizations will want to consider each use case separately so that they can develop an appropriate remediation for every issue they are likely to run into.

Automating Cybersecurity Processes in an Enterprise Environment

Auto-remediation of a single endpoint is perhaps the simplest use case to visualize, which is why it's the right one to tackle first. Automatically containing a compromised device can stop the exfiltration of sensitive data before it starts. Nearly every next-gen anti-virus package provides this sort of coverage, and it's also a built-in feature of pretty much any extended detection and response (XDR) product a company in this market segment will find.

Expanding remediation over an attack surface bigger than a single device reduces the time needed to resolve an identified threat. Multi-endpoint remediation poses a distinct problem, however: the tooling has to sweep every device connected to the network for an indicator that may only just have been identified on one of them. Thanks to the greater level of abstraction provided by next-gen tools, it's now possible to get this level of response automation by working with a standard XDR or SOAR (security orchestration, automation and response) package.

It's doubtful that many companies will want to invest in their own backend development to handle this sort of remediation, which is why it's good news that advances in machine learning have let XDR developers solve the problem while abstracting it and exposing an efficient API to local departments. Those who run network-attached storage should look at the results of this technology in the aggregate, since they are often responsible for several sites at once, and a threat remediated at one site should be checked for at the others.

While more complex automatic cybersecurity solutions have been spawned over time, they still rely on the same basic principles. In fact, there are those who believe that it's impossible to automate every aspect of the security field.

Drawing a Line Between Automation & Process Management

One study found that 82 percent of respondents believed their organizations had suffered a breach as a result of a digital transformation-related process. While it's hard to tell whether that figure is accurate, it shows that the perceived risk is high regardless of the real-world numbers. Moving forward, the best way to deal with the issue may be a human-machine partnership built around curated playbooks. In this model, human IS department staff author playbooks that automate a sequence of remediation steps in response to a defined set of threats.

For instance, a playbook might automatically disable a user account when it detects ransomware running under that account. Killing the process alone wouldn't be enough, since the credentials behind it may already be in an attacker's hands, so disabling the account stops the problem early. While this isn't full automation, since a person authored the playbook and chose its trigger, it's certainly something that should prove helpful in enterprise environments.
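As an added example (it is not code from the original post, from IBM, or from any XDR/SOAR vendor), here is a minimal playbook runner in plain Python that implements both the account remediation described just above and the multi-endpoint sweep described under "Automating Cybersecurity Processes in an Enterprise Environment". The hosts, process lists, hash value and account names are all constructed; `kill` and `disable_account` are in-memory stand-ins for the EDR and identity-provider calls a real SOAR product would make, and `approval_threshold` is an assumed knob for the human-review gate.

```python
# Added example, not code from the original post or from any IBM product:
# a minimal SOAR-style playbook runner. It takes a ransomware detection from
# one endpoint and (1) kills the process, (2) disables the account it ran
# under, because killing alone leaves the credentials usable, (3) sweeps the
# rest of the fleet for the same indicator so remediation is not limited to
# the device that raised the alert, and (4) defers low-confidence detections
# to a human. All hosts, processes and hashes are constructed; kill/disable
# are in-memory stand-ins for real EDR and identity-provider API calls.
from dataclasses import dataclass, field

RANSOM_HASH = "8f3e" * 16   # constructed sha256 for the flagged binary


@dataclass
class Detection:
    host: str
    pid: int
    user: str          # account the process is running under
    sha256: str        # hash of the binary the detector flagged
    confidence: float  # detector score, 0.0 to 1.0


@dataclass
class Endpoint:
    name: str
    processes: list    # (pid, user, sha256) tuples, as an EDR would report them


class Directory:
    """Stand-in for an identity provider; records which accounts are disabled."""
    def __init__(self):
        self.disabled = set()

    def disable(self, user):
        self.disabled.add(user)


@dataclass
class Playbook:
    fleet: dict                      # host name -> Endpoint
    directory: Directory
    approval_threshold: float = 0.8  # assumed: below this, a human must approve
    log: list = field(default_factory=list)   # audit trail of every action

    def kill(self, host, pid):
        ep = self.fleet[host]
        before = len(ep.processes)
        ep.processes = [p for p in ep.processes if p[0] != pid]
        killed = len(ep.processes) != before
        self.log.append(("kill", host, pid, killed))
        return killed

    def disable_account(self, user):
        # Idempotent: disabling twice is harmless, and the log still records it.
        self.directory.disable(user)
        self.log.append(("disable_account", user))

    def sweep(self, sha256, exclude):
        """Find the same indicator on every other host: the multi-endpoint step."""
        hits = []
        for ep in self.fleet.values():
            if ep.name == exclude:
                continue
            for pid, user, digest in ep.processes:
                if digest == sha256:
                    hits.append((ep.name, pid, user))
        return hits

    def run(self, det):
        if det.confidence < self.approval_threshold:
            self.log.append(("needs_approval", det.host, det.sha256))
            return {"status": "pending_human_review", "hits": []}
        self.kill(det.host, det.pid)
        self.disable_account(det.user)
        hits = self.sweep(det.sha256, exclude=det.host)
        for host, pid, user in hits:
            self.kill(host, pid)
            self.disable_account(user)
        return {"status": "remediated", "hits": hits}


def build_fleet():
    """Constructed inventory: the indicator is live on two of three hosts."""
    return {
        "ws-101": Endpoint("ws-101", [(4242, "jdoe", RANSOM_HASH), (1, "root", "00" * 32)]),
        "ws-102": Endpoint("ws-102", [(3131, "asmith", RANSOM_HASH)]),
        "ws-103": Endpoint("ws-103", [(77, "bkim", "ff" * 32)]),
    }


def demo(confidence=0.95):
    """Run the playbook on a constructed detection and return what it did."""
    directory = Directory()
    pb = Playbook(build_fleet(), directory)
    result = pb.run(Detection("ws-101", 4242, "jdoe", RANSOM_HASH, confidence))
    return result, sorted(directory.disabled), pb.fleet, pb.log


if __name__ == "__main__":
    print(demo()[:2])
```

Running the file prints the outcome for a high-confidence detection: the process on ws-101 is killed, jdoe is disabled, and the sweep finds the same binary on ws-102, so asmith is disabled as well while ws-103 is left alone. Three design points matter more than the mechanics: every action goes to the log so an analyst can reconstruct what the playbook did, account disablement is idempotent so the playbook can fire twice without harm, and a detection below the confidence threshold changes nothing and waits for a person, which is the line the post draws between automation and process management.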

As security teams seek to deploy remediation across entire environments, automation will become increasingly important; there are simply too many devices online today to handle by hand. Nevertheless, it's equally important to keep the human in the loop, regardless of how automated any specific workflow becomes.



#CloudPakforBusinessAutomation