Automation: Cybersecurity’s Friend and Enemy



In today’s threat landscape, organizations must use every tool at their disposal if they want to stay one step ahead of cybercriminals. With cybercriminals now leveraging AI and automation in their attacks, a manual defense isn’t enough to protect your data. Automated attacks require automated responses to level the playing field.

Anyone in IT knows that cyberattacks are not only on the rise but also growing in sophistication, and that they can be devastating and expensive. According to IBM’s 2021 Cost of a Data Breach Report, data breaches cost on average $4.24 million. For organizations with fully deployed automation and AI, on the other hand, data breach costs decreased, averaging $3.81 million less, a significant saving.

However, though AI-powered tools and automation are positioned to provide a whole host of benefits, they are not without drawbacks. For example, cybercriminals can find ways to manipulate the same automated systems businesses are currently using.

Read on as we analyze the pros and cons of an automated cybersecurity defense.

How is Automation Used in Cybersecurity?

Many organizations see automation as a path toward efficiency, allowing them to focus manpower on more complex issues or to stay afloat in the face of a cybersecurity skills gap. But the tools of automation become a necessity when mitigating automated attacks – turning a battle between man and machine into a battle between machine and machine.

In a recent ThreatQuotient report, 95% of respondents indicated they already use automation in security to some extent. Half of respondents are already automating threat intelligence processing, 44% are automating vulnerability management, and 39% are automating password resets.

Palo Alto Networks recommends using automation for data correlation, for generating and implementing cyber defenses faster than attacks can progress, and for detecting existing infections. Other uses may include third-party integrations, data management and prioritization, and data cleansing and extraction.

At SoftwareONE, we use intelligent automation in our Managed Detection and Response (MDR) services to perform tasks such as auto-remediation of configuration issues, blocking of malicious traffic, collection and correlation of data across connected security layers, automated alerts, responses, and more.

Benefits of Cyber Security Automation

The numerous benefits of cybersecurity automation include the following:

  • Handles repetitive and tedious tasks, freeing up team members to work on more creative and complex problems
  • Breaks down silos created by point solutions
  • Positions organizations to fight automated attacks on a level playing field
  • Enables reaction to potential breaches with advanced threat intelligence
  • Responds in real time to active threats
  • Improves visibility and control
  • Manages triage and false security alerts so team members don’t have to
  • Streamlines incident response
  • Facilitates informed decision-making
  • Leads to improved data management
  • Enables threat detection and response at scale

Automated cybersecurity makes use of integrated tools to handle large amounts of busywork, collect useful data, and address threats as they happen, in ways that manual processes can’t match.

Get to know Managed Detection and Response (MDR)

MDR is a service that provides your organization with access to the capabilities needed to effectively identify, analyze, and respond to cyber threats before they disrupt your business.


Why Isn’t Everyone Relying on These Tools?

There are many reasons why some organizations aren’t fully on board with cybersecurity automation. For example, in the ThreatQuotient report mentioned earlier, 31% of respondents indicated a lack of trust in cybersecurity automation. Some feel that leaving tasks up to automated processes reduces their control.

In that same report, the top issues preventing organizations from applying cybersecurity automation were technology (43%), budget (40%), and skills (36%). In addition, 92% of organizations admit to experiencing issues when implementing cybersecurity automation, citing problems related to a lack of skills (45%), a lack of trust in the outcomes (41%), budget issues, and poor decision-making.

While automation is great for some things, it doesn’t always work as planned, and there are still some tasks for which humans may be better suited. Finally, automation must be managed, configured, and optimized, which requires manual intervention. This is why SoftwareONE’s new Incident Response & Security Testing services are human-based. While we like to leverage the latest technology, it’s important to find the balance between man and machine to achieve optimization.

What’s Next?

Great security requires multiple, complementary approaches. Successful adoption of cybersecurity automation requires knowledge and know-how for proper integration and management. In most situations, a hybrid approach to security is ideal – deploying automation intelligently for simple, repetitive tasks and rapid response, while still managing the big picture with people.

This is our approach at SoftwareONE. We use Intelligent Automation to handle many tasks while using expert people to oversee and test everything we do. By combining automated and non-automated security measures, we use all the tools in the toolbox to offer one of the most robust managed security services available today. And with that level of support, your organization will excel well into the future.

Protect Your Most Valuable Assets with SoftwareONE MSS

SoftwareONE leverages all the latest technology without losing sight of the big picture. Read our latest eBook to learn more about how to improve your security posture with Managed Security Services.


Bala Sethunathan

Director, Security Practice & CISO

