Security Automation: Three Ways to Respond to Cyber Attacks
by Paul Nguyen, President, CSG Invotas
Cybercrime is a growth industry, a fact that shouldn’t be a surprise to anyone reading this. In the
U.S. alone, losses to cyber attacks are growing to the point that they make up more than half of
one percent of our national GDP. Yet in spite of these numbers and the media attention garnered
by each high-visibility breach, our fight to secure our customer data and intellectual property
appears to be a losing one.
The reasons are many: skilled cyber defenders are in short supply, and those we do have are
faced with defending their networks against crippling attack volumes, as well as the persistent
threats that grow in complexity and scale every year. Worse, the organizations we’re
commissioned to defend are often unwilling or unable to make the necessary internal
changes to give their security teams firm ground to fight from.
I believe the solution to the threats we face will only be met through a combination of security
automation and workflow management. Together, these approaches bring with them the same
kind of mutually supporting effects that our attackers have been using against us for years.
When you’re an attacker, time is your friend. You can be patient and strike with precision when
you’re ready. But the moment you step on the other side of the firewall, everything changes.
Defenders have massive amounts of surface area to worry about, countless assets to protect,
and all of these well-intentioned business processes and procedures that must be followed
while we do it.
Simply put – it’s too much. Attackers move with machine speed, and defenders just can’t keep
up.
I don’t want to make this sound like it’s simple – it’s not. But I believe there are three things you
can do to get to this level of security automation within your own organization.
Understand the inefficiencies in your own response plan
What slows down your response to threats? In many cases, it’s the human element we’re
fighting against: our need to triage problems, document our findings in trouble tickets, and seek
approval to act. Our security teams don’t have the agency to unilaterally move against threats.
There are change control boards to meet with, executives to brief, and audit trails to keep. But
how much of this can we parse out and workflow into something faster?
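The paragraph above asks how much of the ticketing, approval and audit work can be turned into a workflow. One way to encode the answer, as an added example that is not from the article or from CSG Invotas: a small policy-driven playbook in which actions the change control board has pre-approved run automatically above a detector confidence threshold, everything else is queued for a named approver, and every decision is written to the ticket's audit trail. The alert, the playbook table, the thresholds, the host and domain names and the toy environment standing in for the VPN concentrator and EDR console are all constructed for illustration.

```python
"""Policy-driven response workflow: pre-approved actions run at machine speed with an
audit record; anything else waits for a human approver. Constructed example."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Alert:
    """A detection as a sensor might emit it (constructed shape, not a real product's)."""
    alert_id: str
    host: str
    category: str                 # e.g. "c2_beacon"
    confidence: int               # detector confidence, 0-100
    vpn_session: Optional[str] = None
    indicator: Optional[str] = None   # e.g. the C2 domain observed


@dataclass
class Environment:
    """Toy stand-in for the VPN concentrator, EDR console and DNS blocklist."""
    vpn_sessions: set = field(default_factory=set)
    isolated_hosts: set = field(default_factory=set)
    blocked_domains: set = field(default_factory=set)


@dataclass
class Ticket:
    alert_id: str
    taken: List[str] = field(default_factory=list)     # actions already executed
    pending: List[str] = field(default_factory=list)   # actions awaiting an approver
    audit: List[str] = field(default_factory=list)     # timestamped trail of every decision


# Playbook: the ordered response steps for each alert category (constructed).
PLAYBOOKS: Dict[str, List[str]] = {
    "c2_beacon": ["terminate_vpn_session", "isolate_host", "block_c2_domain"],
}

# Pre-approval policy agreed with the change control board: (category, action) ->
# minimum confidence at which the action may run with no human in the loop.
# Anything absent from this table always waits for approval.
PRE_APPROVED: Dict[Tuple[str, str], int] = {
    ("c2_beacon", "terminate_vpn_session"): 70,
    ("c2_beacon", "isolate_host"): 90,
}

# Action handlers; in a real deployment these would call the VPN/EDR/DNS APIs.
ACTIONS: Dict[str, Callable[[Alert, Environment], None]] = {
    "terminate_vpn_session": lambda a, e: e.vpn_sessions.discard(a.vpn_session),
    "isolate_host": lambda a, e: e.isolated_hosts.add(a.host),
    "block_c2_domain": lambda a, e: e.blocked_domains.add(a.indicator),
}


def _log(ticket: Ticket, actor: str, message: str) -> None:
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    ticket.audit.append(f"{stamp} [{actor}] {message}")


def run_playbook(alert: Alert, env: Environment) -> Ticket:
    """Open a ticket, execute pre-approved steps, queue the rest, record everything."""
    ticket = Ticket(alert_id=alert.alert_id)
    _log(ticket, "workflow", f"ticket opened: {alert.category} on {alert.host} "
                             f"(confidence {alert.confidence})")
    for action in PLAYBOOKS.get(alert.category, []):
        threshold = PRE_APPROVED.get((alert.category, action))
        if threshold is not None and alert.confidence >= threshold:
            ACTIONS[action](alert, env)
            ticket.taken.append(action)
            _log(ticket, "workflow", f"executed {action}: pre-approved at confidence >= {threshold}")
        else:
            ticket.pending.append(action)
            why = "not pre-approved" if threshold is None else f"confidence below {threshold}"
            _log(ticket, "workflow", f"queued {action} for approval: {why}")
    return ticket


def approve(ticket: Ticket, alert: Alert, env: Environment, action: str, approver: str) -> bool:
    """Human-in-the-loop path: a named approver releases one queued action."""
    if action not in ticket.pending:
        return False
    ACTIONS[action](alert, env)
    ticket.pending.remove(action)
    ticket.taken.append(action)
    _log(ticket, approver, f"approved and executed {action}")
    return True


def sample_case() -> Tuple[Alert, Environment]:
    """Constructed input: a remote laptop on the VPN beaconing to a C2 domain."""
    alert = Alert("ALR-1001", host="LAPTOP-17", category="c2_beacon", confidence=85,
                  vpn_session="vpn-0042", indicator="c2.example.invalid")
    env = Environment(vpn_sessions={"vpn-0042", "vpn-0043"})
    return alert, env


if __name__ == "__main__":
    alert, env = sample_case()
    ticket = run_playbook(alert, env)
    approve(ticket, alert, env, "isolate_host", "analyst.jane")
    print("\n".join(ticket.audit))
```

With the constructed alert at confidence 85, the VPN session is dropped immediately, host isolation waits because the policy asks for 90, and the domain block waits because nobody pre-approved it; the approver's release of a queued step lands in the same audit trail as the automatic ones, so the ticket answers "who did what, when, and under which rule" without anyone writing it up afterwards.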
Identify mechanisms to automate the incident process at a human level
A recent client of mine was facing a simple security problem. They had a workforce that was
highly mobile and mostly remote, and all of them utilized a corporate VPN when they were
traveling. As you can imagine, there were a lot of infected machines that found their way onto
the network. Once logged on, these malware-infected systems would start passing malicious
command and control traffic. For this particular client it made up about 30 percent of their overall
56 Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide