Why security automation should be welcomed, not feared

As part of CBR's Tech Express series, Huntsman Security CEO Peter Woollacott sits down with CBR's Ellie Burns to discuss security automation.

By Ellie Burns

EB: Why does cyber security need to be automated?

PW: The simple fact is, the volume of threats faced by organisations is too great for analysts to deal with manually.

It’s becoming impossible for analysts to actually investigate every threat, or even differentiate between real threats and false alarms, while the pressure on analysts is causing them to suffer from burnout – leaving organisations even more vulnerable.

In a world facing an increased number of threats on an ongoing basis, automation is critical to help organisations successfully identify and react to attacks on their systems without placing impossible pressure on analysts.

 

EB: What does security automation do?

PW: At their core, automated cyber-security systems deal with repetitive tasks that human analysts can no longer deal with due to sheer volume.

Whether it’s monitoring networks and users for known threats, or any unusual behaviour that could signify a breach, these systems can deal with huge amounts of threats very quickly.

More advanced systems can also triage the alerts they generate, and decide whether that alert needs to be seen by a human analyst. For instance, if an automated tool picks up a user accessing files they wouldn’t usually access – such as a receptionist accessing finance data – it can flag this as worthy of attention to a human analyst so it can be investigated.

Overall though, automated systems allow businesses to triage threats and work out what needs to be tackled, when and how – whether that is by a human analyst or another cyber-security system.

EB: How does security automation affect the role of human analysts?

PW: Human analysts are still hugely important when it comes to tackling threats. While automated systems can identify and triage threats, they cannot make the final decision or resolve issues in all cases.

We’re still at the stage where human analysts will have to determine the nature of an attack and decide how to remedy it.

For instance, an automated system could identify abnormal behaviour in a server, decide it deviates enough from standard behaviour to represent a real threat, and alert the security team whilst also quarantining the affected system. However, any action beyond this should be dealt with by a human able to make more complex decisions and judgements.

 

EB: How should automation be introduced into a security environment?

PW: When introducing automated systems, it’s important that organisations make it clear that they are putting them in place to help people and not replace them.

Automated cyber-security platforms are designed to both reduce pressure on security analysts while at the same time making them more effective – allowing them to focus on the most complex tasks whilst machines deal with more simple, high-volume repetitive tasks.

Thus using these systems removes what is traditionally the biggest workload for analysts; making this understood should mean that automation is welcomed, instead of being viewed with suspicion.

 

EB: When are we likely to see cyber-security automation go mainstream?

PW: In many ways cyber-security automation has already gone mainstream. With the increased number of threats that organisations face, it has become impossible for everything to be analysed by security analysts.

As such, many businesses have put in place systems that are capable of flagging and dealing with low level threats. In the future, we are likely to see more advanced systems that are capable of dealing with more advanced threats automatically – though widespread adoption of these may be some way off.
