
WHY AUTOMATION IS A GAME CHANGER FOR SECURITY

HADI JAAFARAWI, MANAGING DIRECTOR – MIDDLE EAST, QUALYS, MAKES THE CASE FOR AUTOMATION IN CYBERSECURITY.

The cybersecurity industry, unfortunately, cannot claim to be in the business of good news. Threat actors ensure that we are continually warning of new vectors and techniques and advising new approaches to combat them. It is hardly controversial to suggest that COVID-19, apart from its horrendous impact on public health and population welfare, has impacted the ability of companies to keep their customers and employees safe from cyberattacks. Fresh complexities in the architecture of corporate technology infrastructures have left IT and security teams in catch-up mode — confused, overworked, and underequipped.

In a short break from doom and gloom, a PwC global poll shared some good news. It showed around 69% of organisations are planning to increase their cybersecurity budgets in 2022, and more than a quarter (26%) plan increases of 11% or more. Such action will be vital in the United Arab Emirates (UAE) where, according to a VMware report, 80% of security professionals reported increases in the number of attacks their organisation faced, and attributed the surge directly to remote work.

In November last year, Dr Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE Government, again spoke of a cyber pandemic, having previously used the term publicly in December 2020 after reporting that the country had seen a 250% increase in attacks because of remote working.

The persistence of skills gaps

The Middle East has now-famous skills gaps in key technology areas at a time when technology is the answer to almost all public and corporate issues, from governance to operations to monetisation. But cybersecurity stands out as perhaps the most critical gap at a time when organisations have moved to the cloud in vast numbers and turned IT environments on their heads. Server farms are now multi-cloud ecosystems. Vetted, regularly patched corporate PCs are now rogue personal devices of unknown pedigree.

Automation can plug some of these gaps. Attackers move quickly and adeptly, so the modern threat hunter cannot afford to rely on traditional patching cycles. Automation is a means to speed up many standard tasks and reduce execution errors. On the IT side of the equation, we see a lot of acceptance of automation. Measurable cost savings and proven efficiencies have driven more and more of it.

To embrace automation at scale, the entire cybersecurity discipline may have to unlearn what it has learned and break with tradition. DevOps teams are unafraid to break and fix, break and fix, break and fix — employing an iterative approach to the improvement of an end-product. Security teams, however, are trained to minimise impact and ensure that every tool they use does not interfere with the infrastructure at large. Automation can help regional firms plug their security skills gaps, but only if they adopt the same experimental mentality of break and fix.

Measure twice; cut once

Cloud environments allow patches to be tested in isolated environments at reasonable costs. Only patches that are found to operate smoothly in existing setups will be rolled out. Similar methods are already in service in DevOps, so they have already proven themselves as a viable means of introducing automated patching. Systems can identify a vulnerability, deploy a patch to a test environment, observe its progress in that environment and report any issues to a human actor. If there are none, live deployment can follow, either with the okay of the human decision-maker, or automatically if adequate trust in the digital patching agent has been established.
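The staged-rollout decision described above, as an added example in Python (not code from the article or from Qualys). The trust threshold, the health and error-rate signals, the decision labels and all names are assumptions made for illustration; the patch IDs and staging results are constructed.

```python
from dataclasses import dataclass, field

TRUST_THRESHOLD = 3      # assumed: clean deployments needed before auto-deploy
MAX_REGRESSION = 0.01    # assumed: tolerated rise in error rate after patching

@dataclass
class StagingResult:
    """What the isolated test environment observed (constructed fields)."""
    patch_id: str
    services_healthy: bool
    error_rate_before: float
    error_rate_after: float

@dataclass
class PatchGate:
    clean_streak: int = 0
    audit_log: list = field(default_factory=list)

    def issues(self, r):
        found = []
        if not r.services_healthy:
            found.append("health check failed after patch")
        if r.error_rate_after - r.error_rate_before > MAX_REGRESSION:
            found.append("error rate regressed beyond tolerance")
        return found

    def decide(self, r, human_approved=False):
        problems = self.issues(r)
        if problems:
            self.clean_streak = 0            # one bad patch resets earned trust
            decision = "HOLD_AND_REPORT"     # goes to a human, never to production
        elif self.clean_streak >= TRUST_THRESHOLD:
            decision = "AUTO_DEPLOY"
        elif human_approved:
            decision = "DEPLOY_APPROVED"
        else:
            decision = "AWAIT_APPROVAL"
        if decision in ("AUTO_DEPLOY", "DEPLOY_APPROVED"):
            self.clean_streak += 1
        self.audit_log.append((r.patch_id, decision, problems))
        return decision

def run_demo():
    """Replay constructed staging results through one gate."""
    ok = lambda pid: StagingResult(pid, True, 0.002, 0.002)
    bad = StagingResult("PATCH-E", False, 0.002, 0.050)
    gate = PatchGate()
    steps = [(ok("PATCH-A"), True), (ok("PATCH-B"), False), (ok("PATCH-B"), True),
             (ok("PATCH-C"), True), (ok("PATCH-D"), False), (bad, False),
             (ok("PATCH-F"), False)]
    return [gate.decide(r, approved) for r, approved in steps], gate
```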

Automated cybersecurity is perhaps the only way to address the issue of work-from-home (WFH) endpoints. Any device that joins the corporate network is a risk. And home devices may even be used by more than one person, each of whom may work for a different organisation. When patching directly from the cloud is the only practical approach, automation is the natural next step.

This is where we can start to discuss some good news. Automation enhances an organisation’s threat posture. Vulnerabilities are being addressed as soon as fixes become available, without the need for cumbersome human-based workflows. And as this good news spreads across the region — that automation can reduce costs, make baseline security practices more efficient and subsequently enhance security postures and make compliance an easier proposition — trust in automation will grow.

The right platform

The right cybersecurity platform will be able to monitor multiple data points to ensure that no telemetry is overlooked, leading to fewer false positives and the elimination of so-called “alert fatigue”. Organisations that get serious about security automation should start by using DevOps to build new infrastructures. Also, zero trust is getting a lot of traction in the region, and automation can be a great supporting element in its implementation. Automation of data collection and analysis is also critical, especially as it relates to asset discovery. And of course, automated processes can help with the emerging cloud and container trends we are seeing.

Today, the case for strong cybersecurity scarcely needs to be made. Most line-of-business executives read and watch news. They have seen the results of less-than-optimal threat postures, and how they can affect some of the largest corporates on the planet. Regionally, I expect 2022 to reflect the polls and be a transformative year for cybersecurity — the year when automation becomes a standard practice and security teams are finally freed up to go the extra mile and secure our digital estates once and for all.
