Effective security needs a balance of both humans and robots

30 May 2018

IT security professionals face an uphill battle these days. Tasked with protecting their organisations from myriad cyber threats, they find themselves fighting more battles with constrained resources.

As a result, many are turning to security automation tools to provide a first line of defence. These robotic tools offer the ability to stop threats in their tracks while also shielding security staff from endless alarms and letting them focus on more value-adding tasks.

They also assist in overcoming the ongoing skills shortage in the cybersecurity space. More work can be completed with fewer humans, without compromising security levels.

The power of automation

Robotic automation can play a key role within any IT department. The tools can quickly contain thousands of potential threats while human analysts examine the details of significant incidents, work out how to tackle them, and determine how they can best prevent a similar threat occurring in the future. Additionally, automation tools can create comprehensive incident reports that can, in turn, be used to improve future responses.

The tools also free staff from many mundane monitoring tasks. Because staff are no longer under pressure to respond to each and every alarm, they can instead investigate threats more thoroughly. Staff can also develop ways to test the effectiveness of their organisation’s security capabilities, through stress testing and simulation exercises.

The robots also give security analysts more time to get up to speed on the latest threats and improve their technical skills. This, in turn, improves the overall security expertise within the organisation and helps it move from a reactive to a proactive stance. They also let security staff deal with genuine threats more quickly and reduce the opportunity for problems to intensify.

Humans still required

However, the threat environment is extremely complex and constantly evolving. While robotic automation is incredibly sophisticated and getting better, it's not foolproof.

One big issue is false negatives. While these can be largely eliminated through effective fine-tuning of automation software and workflows, their existence demonstrates that relying solely on algorithms would be a big error.

Instead, robotic automation should be treated as a tool that can help security staff operate more efficiently and make the most of available resources. It should, however, never become a substitute for human expertise and experience.

To be effective, security teams need to perform a robot-and-human balancing act to ensure that human intervention remains a major part of the threat detection and resolution equation.

Automating too much of the workload will quickly cause problems. It will mean that threats that are outside the experience of the machine learning software could go undetected or not be investigated properly. Over-automation could also mean unusual but legitimate user activity that isn't a threat could be blocked, creating more work for security teams and frustration for users.

At the same time, automating too little of the workload will cause issues as well. It will lead to security teams continuing to feel the strain and being unable to do their jobs properly. Again, this could result in threats being missed or a security team that isn't as up to speed on security developments as it needs to be.

It must be remembered that the security skills humans bring to the equation remain a vital commodity, and the security skills shortage being experienced in many areas is widely acknowledged as a problem that automation alone can't fix.

According to recent research by the Enterprise Strategy Group, the security skills shortage is most acute in the areas of security investigations/analysis (nominated by 31% of respondents), application security (31%) and cloud security (29%). These areas can't be taken care of by automation tools, and the expertise and adaptability that humans bring remain vital.

While robotic automation delivers the ability to flag and contain threats and prioritise them for further investigation, the tools can't investigate threats to the extent that human analysts can, or take the action needed to remove them from the network and repair the damage that has been caused.

Also, when it comes to security for specific applications (both on premises and in the cloud), specialist skills are required to ensure systems are set up correctly and that the activity that takes place within them is appropriately managed.

The role of automation in security operations is certain to continue to grow. However, organisations need to ensure the correct elements are automated and that human intervention remains a key part of keeping the organisation safe.

While the abilities of automation tools will evolve and expand, it remains important that all organisations get the balance right between robots and humans. Working together, they can provide the best possible IT security protection.

Article by LogRhythm senior regional marketing manager Asia Pacific and Japan, Joanne Wong.
