In Automation We Trust! (Or Do We?)

The sad truth is that the security practice lags behind pretty much every other IT discipline when it comes to automation.

• Need to spin up compute power? Give me a few seconds. A new virtual server may even be spun up automatically when the workload requires it.

• Need a new database? Take a 5 minute coffee break – it will be ready when you get back.

• Need a new firewall rule? Need alerts analyzed? Need access to new system? Sure, what does your schedule look like after Labor Day?

You get where I am going with this. But hyperbole aside, security practitioners have long had a love-hate relationship with automation, and for good reason. There is certainly a “damned if you do, damned if you don’t” phenomenon when it comes to automation:

Automate – and you may suffer the repercussions of a bad decision made by the automated tool. Good luck trying to explain to the CEO that he can’t access the CRM system because the IPS solution falsely flagged “malicious” traffic.

Don’t Automate – and you will suffer the repercussions of slow response to both business needs and security threats. Look no further than the recent well-publicized Target breach. The alarms were triggered, but the process of reviewing them was manual. By the time the security teams (who, like everyone else, are extremely busy) got around to looking at the information, 40 million credit cards had made their way into the hands of the attackers.

Yet recently, I firmly believe the scales have tipped in favor of automation. There are several trends that lead me to this conclusion:


• Better technology – tools, such as IPS for example, have become more accurate with fewer false positives. This increased reliability provides peace of mind for the security teams that use them.

• Increasing pace of change – the number of changes security teams have to deal with is increasing. This increased rate can be attributed to the changing threat landscape, application overload (which I wrote about in a previous post), network evolution such as cloud computing and more. In a recent State of Network Security Survey, 64% of organizations reported they remain hampered by time-consuming manual processes.

• New security infrastructure – organizations have deployed many new technologies to address new threats and enable new business models (Advanced Malware Prevention and BYOD platforms, to name a couple), but in security, technologies rarely go away. This means we are still managing our old firewalls and AV solutions alongside the latest shiny gadgets.

• Strained resources – the constant quest of the corporate world to “take cost out of the business” does not bypass security. It seems we all have to do more with less.

But this is not just a theoretical observation. I often see real-life examples where more trust is put in automation. One example is IPS/IDS – up until a few years ago, most of these tools were famous (and, let’s face it, sometimes ridiculed) for being deployed in “detect only” mode. There is a strong shift toward turning on the “prevention” switch. Another example is automatic firewall policy push. When this capability was introduced a few years ago in the security policy management space, most organizations shied away from it and would not let software automatically push policy to the firewall, even if the change had been automatically analyzed and reviewed for risk and compliance violations. Today, more and more organizations are opting for this capability to automate the entire change process.

Not everything in security is ripe for automation. Thankfully, there is still value in an intelligent human reviewing data and making decisions, not to mention setting policy and prioritizing security risks and investments. But here are a few recommendations organizations should follow when considering automation:

Examine repetitive manual processes – are you making the same decision based on the same data time and time again? If you can program this logic into a piece of software, it makes sense to do so. Chances are there may even be an off-the-shelf solution that already does this.

Run limited pilot programs – if you are afraid of the repercussions of automation, try piloting the technology in live but non-critical parts of your business. This way you can limit the damage from “wrong” automated actions or, better yet, prove to yourself that the solution can be trusted and then deploy it more widely.

Ensure visibility into automation – you still need visibility into what the automated solution is doing. Imagine if the security infrastructure deployed by Target’s security team had automatically blocked the malicious activity and sent out an alert about its actions. The repercussions of being late to analyze that alert would have been far less severe.
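The three recommendations above map onto concrete design choices in any automated response tool. The following is an added example, not code from the article or from any product it mentions: a small responder that encodes one repetitive decision (block a source after repeated failed logins within a time window), restricts enforcement to a pilot scope so a wrong action cannot touch the whole business, supports a "detect only" mode, and records every action it takes or would have taken in an audit trail. The log format, the address ranges (RFC 5737 documentation networks) and the pilot scope are constructed for the example.

```python
"""Added example: automated response with pilot scoping and an audit trail.

Not from the article; log lines, addresses and thresholds are constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample authentication log (hypothetical format: ts src result).
SAMPLE_LOG = """\
2014-03-01T10:00:00 src=203.0.113.7 result=fail
2014-03-01T10:00:10 src=203.0.113.7 result=fail
2014-03-01T10:00:20 src=203.0.113.7 result=fail
2014-03-01T10:00:30 src=203.0.113.7 result=fail
2014-03-01T10:00:40 src=203.0.113.7 result=fail
2014-03-01T10:00:50 src=203.0.113.7 result=fail
2014-03-01T10:01:00 src=198.51.100.9 result=fail
2014-03-01T10:01:10 src=198.51.100.9 result=fail
2014-03-01T10:01:20 src=198.51.100.9 result=fail
2014-03-01T10:01:30 src=198.51.100.9 result=fail
2014-03-01T10:01:40 src=198.51.100.9 result=fail
2014-03-01T10:02:00 src=192.0.2.1 result=ok
"""


@dataclass
class AutomationPolicy:
    """The repetitive decision, written down once instead of re-made by hand."""
    threshold: int = 5                      # failed logins that trigger action
    window: timedelta = timedelta(minutes=5)
    pilot_scope: list = field(default_factory=list)  # networks where we may act
    enforce: bool = False                   # False = "detect only" mode


@dataclass
class AuditEvent:
    """One record of what the automation did, so humans keep visibility."""
    when: datetime
    src: str
    action: str   # "blocked", "would_block" (detect only) or "observed" (out of scope)
    reason: str


def parse_line(line):
    """Parse one constructed log line into a dict with a datetime timestamp."""
    ts, *kvs = line.split()
    event = dict(kv.split("=", 1) for kv in kvs)
    event["ts"] = datetime.fromisoformat(ts)
    return event


class AutoResponder:
    def __init__(self, policy):
        self.policy = policy
        self._failures = defaultdict(deque)  # src -> timestamps of recent failures
        self._acted = set()                  # sources already reported or blocked
        self.blocked = set()                 # what an enforcing deployment would push
        self.audit = []                      # complete trail of automated decisions

    def _in_scope(self, src):
        addr = ip_address(src)
        return any(addr in ip_network(net) for net in self.policy.pilot_scope)

    def handle(self, event):
        """Apply the policy to one event; return an AuditEvent if it acted."""
        if event["result"] != "fail":
            return None
        src, when = event["src"], event["ts"]
        recent = self._failures[src]
        recent.append(when)
        while recent and when - recent[0] > self.policy.window:
            recent.popleft()           # drop failures outside the sliding window
        if len(recent) < self.policy.threshold or src in self._acted:
            return None
        self._acted.add(src)
        if not self._in_scope(src):
            action = "observed"        # outside the pilot: alert only, never block
        elif self.policy.enforce:
            action = "blocked"
            self.blocked.add(src)
        else:
            action = "would_block"     # detect-only pilot: show what would happen
        record = AuditEvent(when, src, action,
                            f"{len(recent)} failed logins within {self.policy.window}")
        self.audit.append(record)
        return record


def run_demo(enforce):
    """Replay the constructed log through a responder piloted on 203.0.113.0/24."""
    responder = AutoResponder(AutomationPolicy(pilot_scope=["203.0.113.0/24"], enforce=enforce))
    for line in SAMPLE_LOG.splitlines():
        responder.handle(parse_line(line))
    return responder


if __name__ == "__main__":
    for mode in (False, True):
        r = run_demo(enforce=mode)
        print(f"enforce={mode}: blocked={sorted(r.blocked)}")
        for ev in r.audit:
            print(f"  {ev.when.isoformat()} {ev.src} {ev.action}: {ev.reason}")
```

Running it in detect-only mode first is the "limited pilot" from the text: the audit trail shows exactly which sources would have been blocked, and flipping `enforce` to `True` later changes only the action, not the visibility. The out-of-scope source is still reported, so the team learns about it without the automation touching anything it was not trusted with.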
