Why Every Business Should Embrace Automated Threat Response



When it comes to information sharing in the workplace, it’s truly astounding to see how far the industrial world has come in recent years. Today, virtually every department in a company can access, analyze, and share information like never before — which is unlocking huge financial, productivity, and growth opportunities for organizations.

Even in our personal lives, we have access to tools like IFTTT, Zapier, and Microsoft Flow that, when given a few simple parameters, can automate workflows, aggregate content, collect data, and deliver relevant information to our fingertips in the blink of an eye.

Information sharing processes that used to require humans to manually browse through websites and wade through piles of data can now be automatically triggered by computer programs, boosting efficiency to unprecedented levels, and allowing individuals to focus on higher-skilled tasks.

Yet, despite the immense value much of the working world is deriving from automation, one key business function has yet to fully reap its rewards: information security.

The Human Burden

There are several private and public organizations working across all industries whose sole job is to collect and share information security threat intelligence. However, even the most prevalent groups like ISAOs, ISACs, and InfraGard still distribute the majority of their information in large PDFs and emails.

These files are not machine readable, so the burden falls on a human to glean actionable insights from them. Someone (or a team of people) must dig through the weeds, sift through each and every threat outlined in the report, and determine whether it is something the company needs to address, a process that takes weeks or months. By then the threat may no longer be a potential risk; it may already be an actual breach.

It goes without saying that manual threat analysis drives operational costs through the roof and isn’t keeping our companies as safe as they should be.

But here’s the kicker: At this point, we’ve only covered the “discovery” phase of the process. The next step is to actually respond to the threats we identify and boost our defenses — a task that’s proving to be twice as cumbersome.

Quick Response Is Critical

At many modern companies, purchasing software and partnering with vendors tends to be a free-for-all where each department works within a silo, using its budget to buy products that address its needs. Ultimately, this leaves businesses with gigantic lists of non-standardized IT systems, tools, and vendors that all have unique configurations and APIs.

When your security team identifies a threat and wants every department to carry out a simple task, such as blocking or watching for a particular IP address, consider how difficult it is to both communicate that request and implement it in every disparate system in the company. Fully executing it can take months.

Between the time it takes to discover a threat and the time it takes to respond to it, we’re looking at a process that could take an entire year to carry out — which is rather ridiculous when you consider just how important information security is to protecting critical infrastructure across the globe.

Automation Is the Answer

It is no longer necessary to comb through large, static PDF files that contain every piece of threat data known to man. With STIX (a structured, machine-readable language for describing threat intelligence, including indicators such as IP addresses, domains and file hashes) and TAXII (the protocol for publishing and fetching that intelligence), companies can program automated systems to consume numerous real-time threat feeds directly.

These systems compile information into interactive dashboards that everyone in the company can access. Managers from each department, for example, could log in, search for certain keywords, identify threats against specific systems their employees use, and with one click, deploy a course of action — whether that’s installing a patch, updating an antivirus system, asking a firewall to block certain IP addresses, or sending a company-wide email that warns employees of a phishing scam.

These automated systems can tap into your existing IT infrastructure, as disparate as it may be, and push out defensive changes that would otherwise take months to roll out by hand.
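The pipeline described above, as an added example that is not code from the article, from New Context or from any STIX/TAXII product. It uses the JSON-based STIX 2.1 format (STIX 1.x, current when this article was written, was XML), a constructed bundle of indicators standing in for what a TAXII collection would return, and a constructed list of protected ranges that includes the company's own prefix (192.0.2.0/24, a documentation range used as a stand-in; the "attacker" addresses are documentation ranges too). The guardrails it applies are what make "one click" safe to automate: skip revoked, expired and low-confidence indicators, refuse compound patterns where the address alone is not the threat, and never block your own or non-routable ranges.

```python
# Added example, not code from the article or any vendor product. Assumptions are
# marked in comments; the sample data is constructed.
import ipaddress
import json
import re
from datetime import datetime, timezone

IPV4_VALUE_RE = re.compile(r"ipv4-addr:value\s*=\s*'([^']+)'")
# Assumption: ranges that must never be auto-blocked. Listed explicitly rather than via
# ipaddress' is_private, which also flags the RFC 5737 ranges used below as attacker IPs.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",                      # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "0.0.0.0/8", "255.255.255.255/32",
    "192.0.2.0/24",                                     # constructed: this company's own prefix
)]

def ind_id(n):
    return f"indicator--00000000-0000-4000-8000-0000000000{n:02d}"

# Constructed sample: a bundle of STIX 2.1 objects such as a TAXII 2.x collection serves.
# Only the fields the code reads are populated.
SAMPLE_BUNDLE = {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001", "objects": [
    {"type": "indicator", "id": ind_id(10), "valid_from": "2016-11-01T00:00:00Z", "confidence": 85,
     "pattern": "[ipv4-addr:value = '203.0.113.45']"},                    # live C2 node: block
    {"type": "indicator", "id": ind_id(11), "valid_from": "2016-11-10T00:00:00Z", "confidence": 70,
     "pattern": "[ipv4-addr:value = '198.51.100.7' OR ipv4-addr:value = '198.51.100.0/25']"},
    {"type": "indicator", "id": ind_id(12), "valid_from": "2016-01-01T00:00:00Z", "confidence": 90,
     "valid_until": "2016-06-01T00:00:00Z", "pattern": "[ipv4-addr:value = '203.0.113.200']"},
    {"type": "indicator", "id": ind_id(13), "valid_from": "2016-11-01T00:00:00Z", "confidence": 90,
     "pattern": "[ipv4-addr:value = '10.0.0.5']"},                        # RFC 1918: never block
    {"type": "indicator", "id": ind_id(14), "valid_from": "2016-11-01T00:00:00Z", "confidence": 95,
     "pattern": "[ipv4-addr:value = '192.0.2.9']"},                       # one of our own hosts
    {"type": "indicator", "id": ind_id(15), "valid_from": "2016-11-01T00:00:00Z", "confidence": 80,
     "pattern": "[ipv4-addr:value = '203.0.113.77' AND network-traffic:dst_port = 4444]"},
    {"type": "indicator", "id": ind_id(16), "valid_from": "2016-11-01T00:00:00Z", "confidence": 99,
     "revoked": True, "pattern": "[ipv4-addr:value = '203.0.113.88']"},
    {"type": "indicator", "id": ind_id(18), "valid_from": "2016-11-01T00:00:00Z", "confidence": 20,
     "pattern": "[ipv4-addr:value = '203.0.113.99']"},
]}

def parse_stix_time(value):
    # STIX timestamps end in 'Z', which fromisoformat accepts only from Python 3.11 on.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def extract_ipv4(pattern):
    """IPv4 hosts/CIDRs of a simple pattern; None if compound or malformed (then the address alone is not the threat)."""
    if " AND " in pattern or "FOLLOWEDBY" in pattern or pattern.count("[") > 1:
        return None
    try:
        return [ipaddress.ip_network(raw, strict=False) for raw in IPV4_VALUE_RE.findall(pattern)]
    except ValueError:
        return None

def triage(indicator, now, min_confidence):
    """Return (networks to block, skip reason); exactly one of the two is non-empty."""
    if indicator.get("type") != "indicator":
        return [], "not an indicator"
    if indicator.get("revoked"):
        return [], "revoked"
    if indicator.get("pattern_type", "stix") != "stix":
        return [], "unsupported pattern_type"
    if "valid_until" in indicator and parse_stix_time(indicator["valid_until"]) <= now:
        return [], "expired"
    if parse_stix_time(indicator["valid_from"]) > now:
        return [], "not yet valid"
    if indicator.get("confidence", 0) < min_confidence:  # no stated confidence: do not auto-block
        return [], "confidence below threshold"
    nets = extract_ipv4(indicator["pattern"])
    if nets is None:
        return [], "compound or malformed pattern, needs analyst review"
    if not nets:
        return [], "no ipv4-addr term"
    if any(n.overlaps(p) for n in nets for p in PROTECTED_NETS):
        return [], "overlaps protected range"
    return nets, ""

def plan_actions(bundle, now, min_confidence=50):
    """Split a bundle into block decisions plus an audit trail of what was skipped and why."""
    actions, skipped = [], []
    for obj in bundle["objects"]:
        nets, reason = triage(obj, now, min_confidence)
        if reason:
            skipped.append((obj["id"], reason))
        actions.extend({"cidr": n.with_prefixlen, "indicator": obj["id"]} for n in nets)
    return actions, skipped

# Two adapters for two disparate enforcement points: same decisions, different dialects.
def render_iptables(actions):
    return [f"iptables -I INPUT -s {a['cidr']} -m comment --comment {a['indicator']} -j DROP" for a in actions]

def render_siem_watchlist(actions):
    return [json.dumps({"ip": a["cidr"], "source": a["indicator"], "action": "alert"}) for a in actions]

def demo(now=datetime(2016, 11, 22, tzinfo=timezone.utc)):  # fixed clock, so the run is repeatable
    return plan_actions(SAMPLE_BUNDLE, now)

if __name__ == "__main__":
    acts, skipped = demo()
    print("\n".join(render_iptables(acts) + render_siem_watchlist(acts) + [f"skipped {o}: {r}" for o, r in skipped]))
```

Running it turns the three surviving addresses into iptables rules and SIEM watchlist entries, while the other five indicators are listed with the reason they were held back; that audit trail is what lets an analyst review the automation instead of trusting it blindly. Hooking this to a real feed means replacing SAMPLE_BUNDLE with the objects fetched from a TAXII collection and replacing the two render functions with calls into whichever firewall and SIEM the company actually runs.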

Automation is a core principle of lean security, and the benefits of this approach are far reaching:

  • Less Budgetary Burden. Information security spending is steadily rising across the globe, and a good portion of that money goes to manual work that no longer needs to be manual, such as triaging malware reports and the latest threat bulletins by hand. By automating threat discovery and response, companies can drastically lower their operational costs while freeing their security experts to focus on higher-value work.
  • Stronger Internal Infrastructure. Automated threat discovery and response leads to safer, stronger internal infrastructure, and not only because it is faster. Humans are mistake-prone, especially after staring at PDF files for weeks on end. Letting machines do the heavy lifting limits the chance of transcription and triage errors and yields more consistent, more reliable threat intelligence, analysis, and response, provided the feeds themselves are validated before anything is blocked, since an automated system propagates a bad indicator just as quickly as a good one.
  • A Culture of Safety. There are also cultural benefits to using an automated system. Creating a dashboard every department leader can access and interact with fosters learning around a topic that is typically seen as overly complex. By breaking down information silos and building understanding around security, companies can take a collaborative approach to the endeavor.
  • A Safer World. Once automated threat discovery and response is embraced across industry, attackers will face more resistance than ever, and cybercrime should drop markedly. With everyone sharing intelligence, information about an attempted attack at one company is broadcast to all the others almost instantly, and with one click countless potential targets can avoid the same fate. This undercuts the attacker's economics: criminals are used to reusing the same infrastructure and tooling against many victims precisely because companies take so long to discover and respond to threats.

Beyond saving your company money, strengthening its infrastructure, and changing its culture for the better, automated threat response presents worldwide implications that simply cannot be ignored.

With essentially every modern business function embracing automation and collecting data at breakneck speeds, it’s essential for information security — the function charged with keeping this data safe — to follow suit.

November 22nd, 2016 | Articles

About the Author:

Andrew Storms serves as the Vice President of Security Services at New Context. He has been leading IT, security and compliance teams for the past two decades at companies like CloudPassage, nCircle and Tripwire. Storms’ advocacy on IT security issues has appeared in CNBC, Forbes and The New York Times. He is a CISSP, a member of InfraGard and a graduate of the FBI Citizens’ Academy.