Regardless of what industry you’re in—but ESPECIALLY important if you have compliance demands from HIPAA or PCI—the value of security automation goes far beyond you initial investment.
As your organization has matured from maybe a handful of people to dozens or more, the need for automation is probably apparent in any day to day work your management team is involved.
From HR documents being tracked and recorded to accounting getting payables and payroll done correctly on a timely manner to operations teams and sales teams making sure they are doing value activities that go beyond the rote mechanics of data entry and untracked progression, if you’re successfully scaling your business or organization you have assuredly gotten some help from automation.
BUT, beyond the simple promise of being able to do something faster, saving employee time getting tasks done (maybe eliminating the number of clicks or logins you have to do each day to access sensitive information or get proper reporting), the extent to which automation is useful in cybersecurity is poorly understand in the majority of organizations I speak with.
Automation is much more than simply turning human behaviors into process. What I mean by this is that often times when my software team is automating parts of a business process, they walk through what each user is currently doing and is finding ways to improve their outcomes through automation. We identify where mistakes commonly get made in a process, where the majority of time gets wasted on tasks and figure out ways to accommodate processes with code.
To help get you thinking about automation on a security level, here are a few processes to consider when thinking about security automation:
Event management—more often than not, businesses fail to even notice when they’ve got a security problem until weeks or even months after the breach or hack started. Hackers often penetrate networks and lay low for extended periods, gleaning small amounts of sensitive information, keystrokes and credentials. They get a sense of what you value and how large your network is and then attack when they think (or their programmed worm thinks) is the right time. By not having a good SIEM (security information and event management) system, your team risks not detecting an attack once it’s started. Automation goes miles above any manual system. Also, having a system that filters through false positives and alerts you on the big important issues can make the difference between detecting real incidents and getting bogged down in the security weeds.
Verify reputations of URLs—your team should be assessing URLs that might be suspicious and listing them as such. By having an automated system that gathers contextual data on websites and links, you are able to assess how trusted they are before allowing staff to click on links. This goes a long way to preventing the next phishing attempt that may lead in a full blown ransomware attack.
Knowing your latest risks—data keeps piling up from cybersecurity experts warning about security risks. But more often than not, your team has no one place to digest and react and strategically absorb information. Automating a system that is able to store and determine the most important information for your team may make the difference between overwhelming them with too much information and giving them the highlights that may lead to actionable movement towards protecting your organization.
Notifications and task assignments—likely your security team is not made up of one person (if it is, you might be handing too much to that one person to really do a satisfactory job at everything). Task and notification automation can help your team understand what problems are currently on your network and give them a framework to prioritize and assign issues as tasks.
Be careful with what you automate—as any mentor will tell their students, garbage in garbage out. If you willy nilly automate processes without fully understanding how they work or how your team works, you may be doing more harm than good with automating security.
Security IS serious business—especially in 2018. Are you thinking about ways to automate your cybersecurity or are you merely trusting someone to get around to it?
