Security Automation: Can it Fix What Ails Enterprise Cybersecurity Programs?
Michelle Johnson Cobb Aug 27, 2018
A report on our seminal security automation survey was released today with insights on how enterprises are already using automation, where they’re finding benefits and challenges and what’s been the impact to their business. The stats must have been swimming in my head as it seemed everywhere I turned in recent weeks, themes of automation, artificial intelligence and machine learning rose to meet me.
One such incident was at this month’s Black Hat conference. As I stepped out of the airport into Vegas’ sweltering August heat, I launched my Lyft app to get a ride to the hotel. The first thing that popped up was a surprise question: “Would you accept a self-driving car? Click here to sign a waiver.” I gladly did, eager to try an automated driving experience. I briefly estimated any extra risk of an accident in a self-driving car which, frankly, is likely higher for the random bystander than for me inside the vehicle. Yet there the waiver beamed on my phone screen.
Alas, I wasn’t matched with a self-driving car. But presumably, in the not-too-distant future, if I want to get from point A to point B, a self-driving car just might be the easiest and safest way to reach my destination.
Can we say the same about security automation? Are businesses ready to click the “automate my security decisions” button? Is there a waiver for that? And who should sign it: the security team, top-level execs, customers?
Security Automation is Coming: How Soon and How Fast?
Judging by the recent data in a security automation survey we commissioned through Osterman Research, it appears we can expect a steadily rising tide, not a tsunami.
The report reflects data from 465 global respondents from companies larger than 1000 employees, meaning they have sufficiently complex security environments.
One of the key takeaways from the report was that the level of understanding of core security issues, the questions that come up day after day, is alarmingly low. These are issues like knowing why a firewall rule exists, how security policy affects inbound and outbound traffic, what the business impact of security changes is and which network devices hold vulnerabilities.
Comparing responses from geographic regions, the most confidence in understanding such an issue came from US respondents, with 62 percent saying they have a good understanding of why each of their firewall rules exists. That figure, though, is well below where it needs to be. Imagine if your tax adviser said they had a 62 percent understanding of what the tax rules mean. Or a pilot saying, “I really understand 62 percent of those dials; the rest, not so much.”
In terms of understanding vulnerabilities on network devices, more than half of respondents from the US and EMEA reported having only some or minimal understanding.
Where Does All the Time Go?
The overarching lack of confidence, in my opinion, isn’t a matter of ability — it’s a matter of time. One of the survey questions was about where you spend a significant amount of time. Incident response and compliance management lead the way, which is no surprise as both are high-priority, time-sensitive items. Incidents need to be contained and neutralized as soon as possible, and audit deadlines have to be met. These demands put the squeeze on decision support analysis and optimization tasks, which get pushed down the to-do list.
What’s Behind the Security Automation Push?
I was a bit dismayed to see that cost was the number one driver of security automation initiatives. Not that cost shouldn’t be a concern, but a fundamental security goal like reducing security exposure only ranked fifth.
Automation can reduce costs, better handle added complexity and move skilled staff off of mundane tasks. But I sure hope we, as practitioners and vendors, have a collective goal to harness security automation to limit the risk of cyberattacks.
One of the tenets of the self-driving car revolution is the promise that autonomous vehicles, once we work the kinks out of the systems, will lead to fewer accidents. I hope we’ll be able to say that security automation reduces security incidents. If not, we’re focused on the wrong objective.
Security Automation and Cloud Initiatives Deeply Linked
Survey respondents made clear the ongoing cloud revolution is going to make security automation a necessity. 43 percent of APAC respondents said the movement of workflows to the cloud was driving automation requirements in their organization. Makes sense, as it becomes impossible by manual means to ensure policies are maintained as resources are constantly spun up and down. In this respect, the US and EMEA security teams are lagging behind their APAC counterparts. Perhaps it’s time to ask the APAC team what they are doing to automate their security processes for cloud.
If you’d like to learn more about the state of security automation and how you can improve your automation journey, register for our webinar with Michael Osterman, president of Osterman Research, where he’ll discuss insights from the survey in detail.