As cyber attacks continue to proliferate on a worldwide basis, what can businesses and enterprises do to combat the risk of cyber intrusions? A new report (“The Challenge of Building the Right Security Automation Architecture”) from Juniper Networks and the Ponemon Institute provides an answer to that question. Given the IT skills gap and the dearth of cybersecurity pros in the marketplace today, the report suggests that one potential solution is security automation.
The problem of not enough cybersecurity pros
Without question, companies and enterprises have to become smarter about the way they combat cyber crime and other coordinated cyber threats. The old approach – simply trying to hire as many cybersecurity pros as possible and then hoping for the best – no longer seems to be working. For one, there simply aren’t enough of these cybersecurity pros to go around. A staggering 57% of respondents interviewed for the Juniper-Ponemon report said that they have difficulty attracting, hiring and recruiting cybersecurity pros.
And it’s not just that companies are having a hard time recruiting new talent – even the talent that currently exists is not up to the task of battling cyber thieves. As the report points out, only one-third (35%) of companies feel that they have the right in-house expertise to battle cyber thieves. Thus, companies are increasingly competing with one another for a limited pool of cybersecurity pros.
Moreover, as the Juniper report makes abundantly clear, today’s cybersecurity pros are overworked, spending all of their time on routine, mundane tasks rather than focusing on higher-level threat intelligence analysis. On average, these cybersecurity pros are bogged down for more than 2 hours a day following up on alerts, responding to incidents and updating logs. That’s a huge drain on manpower, and one big reason why companies are looking for a way out of this impasse caused by the shortage of security professionals.
Security automation as a solution
Thus, it’s perhaps no surprise that security automation and orchestration is being viewed as something of a godsend by tens of thousands of corporations around the world. Simply put, if it’s not possible to find enough human cybersecurity pros, it might just be possible to find a security automation and orchestration platform that can cover many of the same functions. That, in short, is one great allure of security automation – the ability for companies to address many of the security threats that they are currently facing without the need to go on a massive hiring spree for new cybersecurity pros.
As the Juniper report highlights, new security automation tools are viewed primarily as productivity tools. For example, 64% of respondents said that the top benefit of security automation was boosting the productivity of existing cybersecurity pros. These new security systems would speed up response times and ensure that security staff weren’t just following up on minor cyber threats. As Amy James, Director of Security Portfolio Marketing at Juniper Networks, points out, “It is not surprising that productivity is the most important given it is hands down the most acute pain point that we hear about.”
One way to boost this productivity is simply streamlining the approach to dealing with security threats. Security automation tools can help to ensure that only the highest-risk events are flagged for review by security personnel. Everything else can be taken care of automatically. Moreover, security automation tools can help to significantly reduce the number of false positives, or the number of security incidents that seem to be much ado about nothing.
How, when and where to automate?
On the surface, of course, security automation seems like a panacea to the problem facing organizations around the world, all of them trying to come to grips with security weaknesses while simultaneously trying to minimize the amount of human intervention required. However, the Juniper report suggests that there are a number of pros and cons that need to be considered when it comes to automation.
First and foremost, security automation tools won’t install themselves. They require talented and skilled cybersecurity pros to implement and use them, and that raises the whole “chicken-or-the-egg” conundrum. If companies acquire security automation tools without having the right number of cybersecurity pros in place, then they won’t be able to install or use them. However, if they can’t find the cybersecurity pros to install them, then they can’t acquire the right response and remediation tools. Automation is needed to be more productive (reduce skilled manpower requirements), yet skilled manpower is needed to use the automation solution and respond to threats.
According to James, there is a way out of this problem, and it starts with looking for solutions that are easy to integrate: “Looking for security solutions with built-in automation and seamless integration hooks will help customers avoid some of the issues encountered with implementing a separate automation layer. This is how we (Juniper Networks) are designing and implementing our unified cybersecurity platform. Automation and machine learning are native to our platform so that customers can reap the benefits immediately.”
And there is another issue to consider as well: cybersecurity vendor sprawl. Simply put, there are too many security vendors selling too many security solutions. Security teams might be doing the right thing by rushing to implement as many of them as possible (such as those that focus on detection and response, or those that automate incident response), but that inevitably leads to a patchwork system, with none of the security automation tools being able to talk to each other.
According to 71% of the respondents in the Juniper report, integration is a huge concern. That’s the only way to make these security automation tools truly effective – all of them need to be integrated into one, comprehensive IT security stack that simplifies the case management process for cybersecurity professionals.
So, while all the headlines about cyber intrusions have led to a mini-boom of new security vendors, all of them promising to solve security loopholes overnight, it has also raised the specter of “vendor sprawl.” And cybersecurity pros agree: more than half (59%) say that the security industry needs to streamline the number of vendors. At the very least, security vendors need to make it easier to integrate their security automation solutions and response processes with legacy IT systems.
The urgent case for security automation
Despite these issues facing the industry, it is now clear that automation is crucial to battling cybercrime. Security automation is the key to addressing the cyber skills gap, making cybersecurity pros more productive, boosting the ability of organizations to deal with external cyber threats, and making it possible for high-level executives to see at a glance what is happening within their security architecture.
“Ultimately, having a comprehensive security automation strategy will maximize an organization’s long-term defense, even though the initial effort required will be significant and the process will be complex,” says James. “Analyzing and prioritizing tasks and processes against goals and risks is key. If an organization recognizes that they have a backlog of patches to deploy and they know that out-of-date patches introduce high risk, carving out time to automate patch deployment is a very wise investment that, in most cases, does not require a huge commitment of resources.”
Going forward, if the cyber-barbarians are truly at the gate, it’s helpful to prepare for this as far in advance as possible. By 2021, as the Juniper report highlights, cybercrime will be a $6 trillion problem. If companies are going to be ready within just three short years and overcome the massive shortfall in IT talent, they will need to turn to robust new security automation tools.