EB: Why does cyber security need to be automated?
PW: The simple fact is, the volume of threats faced by organisations is too great for analysts to deal with manually.
It’s becoming impossible for analysts to actually investigate every threat, or even differentiate between real threats and false alarms: while the pressure on analysts is causing them to suffer from burnout – leaving organisations even more vulnerable.
In a world facing an increased number of threats on an ongoing basis, automation is critical to help organisations successfully identify, and react to attacks on their systems without placing impossible pressure on analysts.
EB: What does security automation do?
PW: At their core, automated cyber-security systems deal with repetitive tasks that human analysts can no longer deal with due to sheer volume.
Whether it’s monitoring networks and users for known threats, or any unusual behaviour that could signify a breach, these systems can deal with huge amounts of threats very quickly.
More advanced systems can also triage the alerts they generate, and decide whether that alert needs to be seen by a human analyst. For instance if an automated tool picks up a user accessing files they wouldn’t usually access – such as a receptionist accessing finance data – it can flag this as worthy of attention to a human analyst so it can be investigated.
Content from our partners
Overall though, automated systems allow businesses to triage threats and work out what needs to be tackled, when and how – whether that is by a human analyst or another cyber-security system.
EB: How does security automation affect the role of human analysts?
PW: Human analysts are still hugely important when it comes to tackling threats. While automated systems can identify and triage threats, they cannot make the final decision or resolve issues in all cases.
We’re still at the stage where human analysts will have to determine the nature of an attack and decide how to remedy it.
For instance, an automated system could identify abnormal behaviour in a server, decide it deviates enough from standard behaviour to represent a real threat, and alert the security team whilst also quarantining the affected system. However, any action beyond this should be dealt with by a human able to make more complex decisions and judgements.
EB: How should automation be introduced into a security environment?
PW: When introducing automated systems, it’s important that organisations make it clear that they are putting them in place to help people and not replace them.
Automated cyber-security platforms are designed to both reduce pressure on security analysts while at the same time making them more effective – allowing them to focus on the most complex tasks whilst machines deal with more simple, high-volume repetitive tasks.
The Huntsman CEO gave his view on security automation as part of CBR’s Tech Express Series.
Thus using these systems removes what is traditionally the biggest workload for analysts: making this understood should mean that automation is welcomed, instead of being viewed with suspicion.
EB: When are we likely to see cyber-security automation go mainstream?
PW: In many ways cyber-security automation has already gone mainstream. With the increased number of threats that organisations face, it has become impossible for everything to be analysed by security analysts.
As such, many businesses have put in place systems that are capable of flagging and dealing with low level threats. In the future, we are likely to see more advanced systems that are capable of dealing with more advanced threats automatically – though widespread adoption of these may be some way off.
