Automation: Cybersecurity’s Friend and Enemy

In today’s threat landscape, organizations must use every tool at their disposal if they want to stay one step ahead of cybercriminals. With cybercriminals now leveraging AI and automation in their attacks, a manual defense isn’t enough to protect your data. Automated attacks require automated responses to level the playing field.

Anyone in IT knows that cyberattacks are not only on the rise but also are growing in sophistication; and can be devastating and expensive. According to IBM’s 2021 Cost of a Data Breach Report, data breaches cost on average $4.24 million. On the other hand, organizations with fully deployed automation and AI, those data breach costs decreased averaging $3.81 million less – a significant savings.

However, though AI-powered tools and automation are positioned to provide a whole host of benefits, they are not without drawbacks. For example, cybercriminals can find ways to manipulate the same automated systems businesses are currently using.

Read on as we will analyze the pros and cons of an automated cybersecurity defense.

Many organizations see automation as a path toward efficiency allowing them to focus manpower on more complex issues or to stay afloat in the face of a cybersecurity skills gap. But the tools of automation become a necessity when mitigating automated attacks – turning a battle between man and machine into a battle between machine and machine.

In a recent ThreatQuotient report, 95% of respondents indicated they already use automation in security to some extent. Half of respondents are already automating threat intelligence processing, 44% are automating vulnerability management, and 39% are automating password resets.

Palo Alto Networks recommends using automation for data correlation, generating and implementing cyber defenses faster than attacks can progress thus detecting existing infections. Other uses may include third-party integrations, data management and prioritization, and data cleansing and extraction.

At SoftwareONE, we use intelligent automation in our Managed Detection and Response (MDR) services to perform tasks such as auto-remediation of configuration issues, blocking of malicious traffic, collection and correlation of data across connected security layers, automated alerts, responses, and more.

The numerous benefits of cybersecurity automation include the following:

• Handles repetitive and tedious tasks, freeing up team members to work on more creative and complex problems
• Breaks down silos created by point solutions
• Positions organizations to fight automated attacks on a level playing field
• Enables the ability to react to potential breaches with advanced threat intelligence
• Respond in real-time to active threats
• Improves visibility and control
• Manages triage and false security alerts so team members don’t have to
• Streamlines incident response
• Facilitates informed decision-making
• Leads to improved data management
• Enables threat detection and response at scale

Automated cybersecurity makes use of integrated tools to handle large amounts of busywork, collect useful data, and address threats as they happen in ways where manual processes can’t compete.

There are many reasons that several organizations aren’t fully on board with cybersecurity automation. For example, in the ThreatQuotient report mentioned earlier, 31% of respondents indicated a lack of trust in cybersecurity automation. For some feel that leaving tasks up to automated processes reduces their control.

From that same report, top issues preventing organizations from applying cybersecurity automation were technology (43%), budget (40%), and skills (36%). In addition, 92% of organizations admit to experiencing issues when implementing cybersecurity automation, citing problems related to a lack of skills (45%), a lack of trust in the outcomes (41%), budget issues, and poor decision-making.

While automation is great for some things, it doesn’t always work as planned, and there are still some tasks for which humans may be better suited. Finally, automation must be managed, configured, and optimized, which requires manual intervention. This is why SoftwareONE’s new Incident Response & Security Testing services are human-based. While we like to leverage the latest technology, it’s important to find the balance between man and machine to achieve optimization.

Great security requires multiple, complementary approaches. Successful adoption of cybersecurity automation requires knowledge and know-how for proper integration and management. In most situations, a hybrid approach to security is ideal – deploying automation intelligently for simple, repetitive tasks and rapid response, while still managing the big picture with people.

This is our approach at SoftwareONE. We use Intelligent Automation to handle many tasks while using expert people to oversee and test everything we do. By combining automated and non-automated security measures, we use all the tools in the toolbox to offer one of the most robust managed security services available today. And with that level of support, your organization will excel well into the future.