Effective security needs a balance of both humans and robots

30 May 18

IT security professionals face an uphill battle these days. Tasked with protecting their organisations from myriad cyber threats, they find themselves fighting more battles with constrained resources.

As a result, many are turning to security automation tools to provide a first line of defence. These robotic tools offer the ability to stop threats in their tracks while also shielding security staff from endless alarms and letting them focus on more value-adding tasks.

They also assist in overcoming the ongoing skills shortage in the cybersecurity space. More work can be completed with fewer humans, without compromising security levels.

The power of automation

Robotic automation can play a key role within any IT department. The tools can quickly contain thousands of potential threats while human analysts examine the details of significant incidents, work out how to tackle them, and determine how they can best prevent a similar threat occurring in the future. Additionally, automation tools can create comprehensive incident reports that can, in turn, be used to improve future responses.

The tools also free staff from many mundane monitoring tasks. Because they are no longer under pressure to respond to each and every alarm, they can instead investigate threats more thoroughly. Staff can also develop ways to test the effectiveness of their organisation’s security capabilities, through stress testing and simulation exercises.

The robots also give security analysts more time to get up to speed on the latest threats and improve their technical skills. This, in turn, improves the overall security expertise within the organisation and helps it move from a reactive to proactive stance. They also let security staff deal with genuine threats more quickly and reduce the opportunity for problems to intensify.

Humans still required

However, the threat environment is extremely complex and constantly evolving. While robotic automation is incredibly sophisticated and getting better, it's not foolproof.

One big issue is false negatives. While these can be largely eliminated through effective fine-tuning of automation software and workflows, they demonstrate that relying solely on algorithms would be a big error.

Instead, robotic automation should be treated as a tool that can help security staff operate more efficiently and make the most of available resources. It should, however, never become a substitute for human expertise and experience.

To be effective, security teams need to perform a robot-and-human balancing act to ensure that human intervention remains a major part of the threat detection and resolution equation.

Automating too much of the workload will quickly cause problems. It will mean that threats that are outside the experience of the machine learning software could go undetected or not be investigated properly. Over-automation could also mean unusual but legitimate user activity that isn't a threat could be blocked, creating more work for security teams and frustration for users.

At the same time, automating too little of the workload will cause issues as well. It will lead to security teams continuing to feel the strain and being unable to do their jobs properly. Again, this could result in threats being missed or a security team that isn't as up to speed on security developments as it needs to be.

It must be remembered that the security skills humans bring to the equation remain a vital commodity, and the security skills shortage being experienced in many areas is widely acknowledged as a problem that automation alone can't fix.

According to recent research by the Enterprise Strategy Group, the security skills shortage is most acute in the areas of security investigations/analysis (nominated by 31% of respondents), application security (31%) and cloud security (29%). These areas can't be taken care of by automation tools, and the expertise and adaptability that humans bring remain vital.

While robotic automation delivers the ability to flag and contain threats and prioritise them for further investigation, the tools can't investigate threats to the extent that human analysts can, or take the action needed to remove them from the network and repair the damage that has been caused.

Also, when it comes to security for specific applications (both on premises and in the cloud), specialist skills are required to ensure systems are set up correctly and that the activity that takes place within them is appropriately managed.

The role of automation in security operations is certain to continue to grow. However, organisations need to ensure the correct elements are automated and that human intervention remains a key part of keeping the organisation safe.

While the abilities of automation tools will evolve and expand, it remains important that all organisations get the balance right between robots and humans. Working together, they can provide the best possible IT security protection.

Article by LogRhythm senior regional marketing manager Asia Pacific and Japan, Joanne Wong.
