Pawan Chawla, CISO and DPO

Originally published in: https://etinsights.et-edge.com/the-importance-of-automation-in-cyber-security/

In the current digital era, cyberattacks have become heavily automated. If organizations try to defend against these attacks manually, the fight becomes impossible to win. To successfully protect against automated attacks, it is essential to let machines fight machines by integrating automation into the cybersecurity strategy. Automation helps level the playing field, reduces the volume of threats that need human attention, and allows faster prevention of new and unknown cyberattacks.

Currently, OEMs and vendors offering solutions in the market look at automation mainly as a way to save manpower or headcount. While that is true, automation should also be viewed as a tool that can better predict behavior and execute protections faster than an attack. If implemented appropriately and with the right business use cases, automation can lead to the prevention of successful cyberattacks.

After studying this closely, the following recommendations describe how automation can be leveraged to stay protected from unknown cyberattacks.

Correlation of available Information:

Organizations have many security technologies implemented and generate large amounts of data (events, alerts, logs, etc.), but this data provides little value unless it is organized into actionable next steps. To do this effectively, organizations need to collect data across all attack vectors and from every security technology implemented within the infrastructure, as well as global threat intelligence from outside the infrastructure. Then, group the threats that behave similarly within this massive amount of data and use the grouped data to predict the attacker’s next step.

Tools with machine learning and automation allow this data sequencing to happen faster, more effectively, and more accurately. Finally, by combining the approach with dynamic threat analysis, detection becomes more sophisticated and attacks from never-before-seen threats can be prevented. Currently available solutions such as Security Orchestration Automation and Response (SOAR) and Machine Detection and Response (MDR) can help organizations achieve these goals.

Planning Protection before the attack can spread:

Once a threat is identified, a protection action needs to be created and enabled faster than the attack, and before it spreads across the organization’s networks, endpoints, servers, and cloud infrastructure. Manually creating protections for the different security technologies and enforcement elements capable of countering the attack is a lengthy process. It not only moves slowly but is also difficult when correlating different security solutions within the environment. Automation speeds up the creation of protections without stretching resources, all while keeping pace with the attack.

Enabling Protection before the attack can spread:

Once protections are planned, they need to be enabled to prevent the attack from progressing. Protection should be enforced not only at the location where the threat was identified but across all technologies within the organization, to provide consistent protection against the attack’s behavior. Automating the enablement of protections is the only way to move faster than an automated attack and stop it. With automation, you will be able to more accurately predict the next step of an unknown attack and move fast enough to prevent it from impacting the organization.
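The three steps above (correlate events from several technologies, plan a protection, then enforce it at every enforcement point) as one added example; this is illustrative code written for this page, not the author's or any vendor's. The events, the enforcement point names and the attack-stage order are constructed for the example.

```python
from collections import defaultdict

# Constructed sample events (not real telemetry). Each record carries the
# technology that produced it, the host involved and the indicator observed.
EVENTS = [
    {"source": "firewall", "host": "ws-17", "indicator": "203.0.113.9", "behavior": "beacon"},
    {"source": "edr", "host": "ws-17", "indicator": "203.0.113.9", "behavior": "execution"},
    {"source": "threat_intel", "host": None, "indicator": "203.0.113.9", "behavior": "c2"},
    {"source": "proxy", "host": "ws-22", "indicator": "files.example.test", "behavior": "download"},
]

# Hypothetical enforcement points the protection is pushed to, regardless of
# which technology raised the threat first (the "across all technologies" point).
ENFORCEMENT_POINTS = ("firewall", "edr", "proxy", "cloud_sg")

# Constructed, simplified attack-stage order used to predict the next step.
STAGES = ["download", "execution", "beacon", "c2", "lateral_movement", "exfiltration"]


def correlate(events, min_sources=2):
    """Group events that share an indicator; keep only indicators that more
    than one technology has seen, so a lone alert stays a lead, not a block."""
    groups = defaultdict(lambda: {"sources": set(), "hosts": set(), "behaviors": set()})
    for e in events:
        g = groups[e["indicator"]]
        g["sources"].add(e["source"])
        g["behaviors"].add(e["behavior"])
        if e["host"]:
            g["hosts"].add(e["host"])
    return {ind: g for ind, g in groups.items() if len(g["sources"]) >= min_sources}


def predict_next_stage(behaviors):
    """Return the stage after the furthest one observed (None if unknown or at the end)."""
    known = [STAGES.index(b) for b in behaviors if b in STAGES]
    if not known:
        return None
    furthest = max(known)
    return STAGES[furthest + 1] if furthest + 1 < len(STAGES) else None


def plan_protections(threats):
    """Turn each correlated threat into one block per enforcement point plus
    isolation of every affected host, recording the predicted next stage."""
    actions = []
    for indicator, g in threats.items():
        for point in ENFORCEMENT_POINTS:
            actions.append({"point": point, "action": "block", "indicator": indicator})
        for host in sorted(g["hosts"]):
            actions.append({"point": "edr", "action": "isolate", "host": host,
                            "watch_for": predict_next_stage(g["behaviors"])})
    return actions
```

Running `plan_protections(correlate(EVENTS))` yields four block actions for the corroborated indicator and one isolation for the affected host, while the uncorroborated proxy download produces no protection.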

Identifying threats already in the network:

EDR/XDR, along with an MDR service, play an important role in identifying an infected host or suspicious behaviors. These tools help you analyze the data in the environment by looking for a combination of behaviors that indicate a host has been infected. Automation allows faster analysis of a compromised host in the network, faster detection, and faster intervention.

Let’s accept the fact that organizations cannot move faster than attackers manually: attackers use automation to move fast and deploy new threats at lightning speed. The only way to keep up and defend against these threats efficiently is to adopt automation as part of your cybersecurity strategy.

Leveraging a next-generation security platform will help an organization analyze its data faster and turn unknown threats into known threats. Creating an attack DNA and enforcing a full set of protections throughout the organization will help stop the attack lifecycle.

This article is authored by Pawan Chawla, Chief Information Security Officer (CISO) and Data Protection Officer (DPO), Future Generali India Life Insurance.