Automation: Cyber security’s friend and enemy

Ravi Bindra, CISO

In today’s threat landscape, organizations must use every tool at their disposal if they want to stay one step ahead of cyber criminals. With cyber criminals now leveraging AI and automation in their attacks, a manual defense isn’t enough to protect your data. Automated attacks require automated responses to level the playing field.

Anyone in IT knows that cyber attacks are not only on the rise but also growing in sophistication, and that they can be devastating and expensive. According to IBM’s 2021 Cost of a Data Breach Report, data breaches cost on average $4.24 million. For organizations with fully deployed automation and AI, on the other hand, data breach costs decreased, averaging $3.81 million less, a significant saving.

However, though AI-powered tools and automation are positioned to provide a whole host of benefits, they are not without drawbacks. For example, cyber criminals can find ways to manipulate the same automated systems businesses are currently using.

Read on as we analyze the pros and cons of an automated cyber security defense.

How is automation used in cyber security?

Many organizations see automation as a path toward efficiency, allowing them to focus manpower on more complex issues or to stay afloat in the face of a cyber security skills gap. But the tools of automation become a necessity when mitigating automated attacks, turning a battle between man and machine into a battle between machine and machine.

In a recent ThreatQuotient report, 95% of respondents indicated they already use automation in security to some extent. Half of respondents are already automating threat intelligence processing, 44% are automating vulnerability management, and 39% are automating password resets.

Palo Alto Networks recommends using automation for data correlation and for generating and implementing cyber defenses faster than attacks can progress, thus detecting existing infections. Other uses may include third-party integrations, data management and prioritization, and data cleansing and extraction.

At SoftwareOne, we use intelligent automation in our Managed Detection and Response (MDR) services to perform tasks such as auto-remediation of configuration issues, blocking of malicious traffic, collection and correlation of data across connected security layers, automated alerts, responses, and more.

Benefits of cyber security automation

The numerous benefits of cyber security automation include the following:

  • Handles repetitive and tedious tasks, freeing up team members to work on more creative and complex problems
  • Breaks down silos created by point solutions
  • Positions organizations to fight automated attacks on a level playing field
  • Enables teams to react to potential breaches with advanced threat intelligence
  • Responds in real time to active threats
  • Improves visibility and control
  • Manages triage and false security alerts so team members don’t have to
  • Streamlines incident response
  • Facilitates informed decision-making
  • Leads to improved data management
  • Enables threat detection and response at scale

Automated cyber security makes use of integrated tools to handle large amounts of busywork, collect useful data, and address threats as they happen, in ways that manual processes can’t match.

Why isn’t everyone relying on these tools?

There are many reasons why several organizations aren’t fully on board with cyber security automation. For example, in the ThreatQuotient report mentioned earlier, 31% of respondents indicated a lack of trust in cyber security automation. Some feel that leaving tasks up to automated processes reduces their control.

In that same report, the top issues preventing organizations from applying cyber security automation were technology (43%), budget (40%), and skills (36%). In addition, 92% of organizations admit to experiencing issues when implementing cyber security automation, citing problems related to a lack of skills (45%), a lack of trust in the outcomes (41%), budget issues, and poor decision-making.

While automation is great for some things, it doesn’t always work as planned, and there are still some tasks for which humans may be better suited. Finally, automation must be managed, configured, and optimized, which requires manual intervention. This is why SoftwareOne’s new Incident Response & Security Testing services are human-based. While we like to leverage the latest technology, it’s important to find the balance between man and machine to achieve optimization.

What’s next?

Great security requires multiple, complementary approaches. Successful adoption of cyber security automation requires knowledge and know-how for proper integration and management. In most situations, a hybrid approach to security is ideal – deploying automation intelligently for simple, repetitive tasks and rapid response, while still managing the big picture with people.

This is our approach at SoftwareOne. We use Intelligent Automation to handle many tasks while using expert people to oversee and test everything we do. By combining automated and non-automated security measures, we use all the tools in the toolbox to offer one of the most robust managed security services available today. And with that level of support, your organization will excel well into the future.

Digital Workplace Security

SoftwareOne Digital Workplace Security Services add security without contributing to your staffing overhead. We operate a dedicated security operations center (SOC) that tracks data vulnerabilities globally to prevent losses due to break-ins or employee errors.

Author

Ravi Bindra
CISO

Ravi has over 20 years’ experience as a cyber security evangelist, with multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.