Effective security needs a balance of both humans and robots

30 May 18

IT security professionals face an uphill battle these days. Tasked with protecting their organisations from myriad cyber threats, they find themselves fighting more battles with constrained resources.

As a result, many are turning to security automation tools to provide a first line of defence. These robotic tools offer the ability to stop threats in their tracks while also shielding security staff from endless alarms and letting them focus on more value-adding tasks.

They also assist in overcoming the ongoing skills shortage in the cybersecurity space. More work can be completed with fewer humans, without compromising security levels.

The power of automation

Robotic automation can play a key role within any IT department. The tools can quickly contain thousands of potential threats while human analysts examine the details of significant incidents, work out how to tackle them, and determine how they can best prevent a similar threat occurring in the future. Additionally, automation tools can create comprehensive incident reports that can, in turn, be used to improve future responses.

The tools also free staff from many mundane monitoring tasks. Because they are no longer under pressure to respond to each and every alarm, they can instead investigate threats more thoroughly. Staff can also develop ways to test the effectiveness of their organisation’s security capabilities, through stress testing and simulation exercises.

The robots also give security analysts more time to get up to speed on the latest threats and improve their technical skills. This, in turn, improves the overall security expertise within the organisation and helps it move from a reactive to proactive stance. They also let security staff deal with genuine threats more quickly and reduce the opportunity for problems to intensify.

Humans still required

However, the threat environment is extremely complex and constantly evolving. While robotic automation is incredibly sophisticated and getting better, it's not foolproof.

One big issue is false negatives. While these can be largely eliminated through effective fine-tuning of automation software and workflows, their existence demonstrates that relying solely on algorithms would be a big error.

Instead, robotic automation should be treated as a tool that can help security staff operate more efficiently and make the most of available resources. They should, however, never become a substitute for human expertise and experience.

To be effective, security teams need to perform a robot-and-human balancing act to ensure that human intervention remains a major part of the threat detection and resolution equation.

Automating too much of the workload will quickly cause problems. It will mean that threats outside the experience of the machine learning software could go undetected or not be investigated properly. Over-automation could also mean that unusual but legitimate user activity that isn't a threat gets blocked, creating more work for security teams and frustration for users.

At the same time, automating too little of the workload will cause issues as well. It will lead to security teams continuing to feel the strain and being unable to do their jobs properly. Again, this could result in threats being missed or a security team that isn't as up to speed on security developments as it needs to be.

It must be remembered that the security skills humans bring to the equation remain a vital commodity, and the security skills shortage being experienced in many areas is widely acknowledged as a problem that automation alone can't fix.

According to recent research by the Enterprise Strategy Group, the security skills shortage is most acute in the area of security investigations/analysis (nominated by 31% of respondents), application security (31%) and cloud security (29%). These areas can't be taken care of by automation tools, and the expertise and adaptability that humans bring remains vital.

While robotic automation delivers the ability to flag and contain threats and prioritise them for further investigation, the tools can't investigate threats to the extent that human analysts can, or take the action needed to remove them from the network and repair the damage that has been caused.

Also, when it comes to security for specific applications (both on premises and in the cloud), specialist skills are required to ensure systems are set up correctly and that the activity that takes place within them is appropriately managed.

The role of automation in security operations is certain to continue to grow; however, organisations need to ensure the correct elements are automated and that human intervention remains a key part of keeping the organisation safe.

While the abilities of automation tools will evolve and expand, it remains important that all organisations get the balance right between robots and humans. Working together, they can provide the best possible IT security protection.

Article by LogRhythm senior regional marketing manager Asia Pacific and Japan, Joanne Wong.