A Few Automation Use Cases Where You Can Achieve Early Wins
We see a few use cases where customers can begin to experiment with automation and
achieve some early wins:
• Verification of Network Alerts: Over the last 18 months, many organizations have
deployed network-based sandboxes to gain visibility into (detect) “advanced threats.” While
these solutions do provide improved visibility, this is often accompanied by alert
overload.
Additionally, just because a network-based sandbox detects something does not mean
that the organization is infected. Here, organizations can leverage automation
(machine-guided and/or fully automated) to verify whether endpoints are actually
infected and take the appropriate response. The benefit to organizations is improved
efficiency (less chasing of “ghost alerts”) and an improved security posture.
• Automated Removal of Nuisance Malware: In customer deployments over the past 12
months, we have seen that despite deploying numerous security controls, organizations
still spend significant time and resources dealing with high volumes of nuisance
malware. In this area, organizations can leverage automation to remove these threats.
The primary benefit here is freeing up your scarce security resources to spend time on
more meaningful alerts/threats.
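As an added example (not from the article), the two use cases above sketched in Python: a network-sandbox alert is correlated with endpoint telemetry and receives one of a few dispositions, so a “ghost alert” is closed without human effort, a nuisance-family sample is removed fully automatically, and a sample that actually executed is handled machine-guided with an analyst approving isolation. The record layouts, field names, hashes and the nuisance-family list are all constructed assumptions.

```python
# Added example: verify a sandbox alert against endpoint telemetry before a
# human chases it. Records, field names and policy lists are constructed.
from dataclasses import dataclass

@dataclass
class SandboxAlert:
    alert_id: str
    dst_host: str   # endpoint that received the sample
    sha256: str     # hash of the detonated sample
    family: str     # sandbox verdict label

@dataclass
class EndpointTelemetry:
    host: str
    files_seen: frozenset = frozenset()      # hashes written to disk
    processes_run: frozenset = frozenset()   # hashes that executed
    av_quarantined: frozenset = frozenset()  # hashes AV already removed

NUISANCE_FAMILIES = {"adware", "pup", "coinminer"}  # constructed policy

def disposition(alert, telemetry):
    """Return (verdict, action). GHOST: sample never landed or AV already
    handled it. NUISANCE: landed, low-value family, fully automated removal.
    CONFIRMED: executed and not nuisance, analyst approves isolation."""
    ep = telemetry.get(alert.dst_host)
    if ep is None:
        return "UNKNOWN", "escalate: no telemetry for host"
    if alert.sha256 not in ep.files_seen or alert.sha256 in ep.av_quarantined:
        return "GHOST", "close alert, no endpoint action"
    if alert.family in NUISANCE_FAMILIES:
        return "NUISANCE", "auto-remove: delete file, kill process, log"
    if alert.sha256 in ep.processes_run:
        return "CONFIRMED", "isolate host pending analyst approval"
    return "SUSPECT", "escalate: file present but never executed"

def triage(alerts, telemetry):
    """Disposition every alert: {alert_id: (verdict, action)}."""
    return {a.alert_id: disposition(a, telemetry) for a in alerts}

# Constructed sample data: hashes are placeholders, not real indicators.
H1, H2, H3, H4 = "a1" * 32, "b2" * 32, "c3" * 32, "d4" * 32
TELEMETRY = {
    "ws-101": EndpointTelemetry("ws-101", frozenset({H1}), frozenset(), frozenset({H1})),
    "ws-102": EndpointTelemetry("ws-102", frozenset({H2}), frozenset({H2})),
    "ws-103": EndpointTelemetry("ws-103", frozenset({H3}), frozenset({H3})),
}
ALERTS = [SandboxAlert("A1", "ws-101", H1, "trojan"), SandboxAlert("A2", "ws-102", H2, "adware"),
          SandboxAlert("A3", "ws-103", H3, "trojan"), SandboxAlert("A4", "ws-104", H4, "trojan")]
RESULTS = triage(ALERTS, TELEMETRY)  # runs offline on the constructed data above
```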
A recent blog post by Chris Young, General Manager of Intel’s Security Group, validated the
opportunity to use automation against nuisance malware, stating:
“We all can agree that in the landscape we operate in, not all threats are created equal. That’s
why we need to give ourselves permission to stop going after every alert that comes into our
Security Operation Centers with equal focus. Around 98 percent of these events are low priority
– let’s trust automation to handle them. Instead, we should put our talent on the hunt after the
two percent of alerts that are the real problem.”
Automation Requires Integration
The ability to automate threat removal and response inherently requires orchestration, which
in turn requires integration. Integration needs to occur both within a security provider’s own
product portfolio and between disparate security providers’ solutions.
Despite a revival of the security platform movement from next-generation vendors like FireEye
and Palo Alto Networks, I expect many organizations will continue to operate with a
best-of-breed mentality, deploying multiple security solutions.
At the same time, I do expect organizations to look to consolidation to reduce security sprawl
and the associated costs, both direct and indirect (i.e., management).
Cyber Warnings E-Magazine – June 2015 Edition, page 19
Copyright © Cyber Defense Magazine, All rights reserved worldwide