Story image

Ovum says security industry 'finally' coming round to automation

23 Jun 2017

The security market is ‘finally’ coming around to the idea of automation, according to Ovum.

Ovum analyst, Rik Turner says the industry may at last be ‘waking up’ probably due to customer demand and the fact that automation is necessary to underpin a security posture that is aware an organisation’s infrastructure is liable to be breached. Not to mention that the cards are currently stacked very much in the attackers’ favour.

“Ovum has noted that, this year, vendors are finally talking about automating the response capability in their security platforms once they have detected something,” says Turner.

“For a few years now, when asked whether they could provide automated responses such as quarantining, then removal of the offending code from wherever it has taken up residence within a corporate infrastructure, they have always replied that they could, but that clients do not want it.”

Turner says the reason for this is fear of false positives.

“Banks do not want to upset high-net-worth customers who might be shut out from their account because the system suspects that they may be bogus,” says Turner.

“Online retailers do not want to create friction by making customers jump through extra authentication hoops unless absolutely necessary. Charities do not want to put off potential online donors because the system is worried they may actually be engaged in money laundering.”

However, Turner says that too appears to be changing, as some real implementation is going beyond just the talk of the past with several vendors now talking freely about exploring their capabilities to include automated response and remediation.

“Their customers are now ready to take this step, which suggests that, as they face the tidal wave of attacks with overworked and frequently understaffed security teams, they are asking their suppliers to stop the more run-of-the-mill stuff, freeing their analysts to focus on the more sophisticated, complex, and difficult-to-detect attacks,” says Turner.

However, one of the greatest barriers to be overcome is the shortage of staff and talent in security, as Turner asserts this is clearly putting pressure to implement more automation where possible.

“Think of it like water: you expect your utility to provide it in clean, drinkable form, leaving you to worry about whether it is hard or soft in your area, and whether you need to add a softener before you turn your washing machine on,” Turner concludes.

Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.