How automation can help security professionals cope

By Recorded Future

Stu Solomon, Chief Operating Officer of Recorded Future, shares why automation is crucial in security response.

The film ‘The Matrix’ holds striking parallels to the modern security world. Today’s security teams have taken the ‘red pill’, making them hyper-aware of ruthless attackers. They tirelessly defend the organisation - which has taken the ‘blue pill’ of ignorance - from threats.

Overwork and burnout are very real issues for security professionals, who also have to deal with new vulnerabilities arising from the pandemic. Automation, however, can alleviate the stress security teams face from taking the ‘red pill’.

GovInsider spoke to Stu Solomon, Chief Operating Officer of Recorded Future, to understand today’s security challenges, and how automation can help to tackle them.

Today’s cyber battlefield

Covid-19 has forced employees out of offices and into their homes, creating new security vulnerabilities. As individuals are no longer working from the same location, opportunities for “communication lapses” are created, says Solomon. Threat actors may take advantage of such oversights to enter a private network undetected.

Employees also may not have the same technical capabilities at home to process “huge volumes of data necessary to make good security decisions”, he adds. As users are granted remote access to secured networks, intrusion activity becomes harder to detect as well.

Cyberattacks during the pandemic have also increased in scale and complexity. Hackers have taken advantage of global fear and uncertainty to carry out malicious attacks. 91 per cent of organisations reported an increase in cyberattacks during the pandemic, according to a recent survey by VMware Carbon Black.

Pre-existing security challenges make today’s situation even more dire, says Solomon. The global shortage of security professionals surpassed 4 million in 2019, according to cybersecurity certifications firm (ISC)². “There's still a lot of data that needs to very quickly be captured, processed, and analyzed,” says Solomon.

These are issues that have not “materially changed” during the pandemic - thus reinforcing the need for automation in security, says Solomon.

Automation saves the day

Automation helps to tackle these challenges in three ways, says Solomon.

First, automation helps to aggregate data that are “generally unrelated”, Solomon says. It helps security teams answer common questions such as: “Is there more information I should learn about this particular technical indicator? Where is that information and how do I pull it all together?” he adds. This helps security teams decide rapidly on what action to take.

Automation also correlates data with the external threat environment. Security teams can understand how hackers introduced vulnerabilities, their motivations and affiliations, and what else they’re capable of doing, Solomon says. This allows organisations to improve their monitoring and detection capabilities.

Next, automation allows workers to “move further up the value stream to do more unique, one-off, and complex work”, says Solomon. It is sometimes “inherently inefficient” to have a human in the middle of certain security processes, he explains. When a machine takes over the work, it frees up “very scarce human resources with unique expertise to solve more difficult, one-off problems.”

Lastly, automation can integrate machine learning and artificial intelligence to create correlations between disparate information, says Solomon.

Recorded Future’s technology calculates risk scores based on their existing threat intelligence.

The scores give security teams “confidence to act on that intelligence,” Solomon says. Every time the score hits its limit, it triggers an automated security response.

The risk scores also help security teams prioritise the most urgent events. They can focus on addressing the most urgent threats first, and reduce the time spent chasing false positives.

Before automating security processes, however, Solomon says an organisation needs to fully understand the processes that are going to be automated. “You can't effectively automate or orchestrate a scenario that isn't already a well-defined process,” he adds.

The onus lies on decision-makers to understand the data flow that they're trying to automate, Solomon emphasises. Only then will the full potential of automation be unlocked.

Though The Matrix was released over 20 years ago, some things still hold true: ‘shape-shifting’ hackers are waiting for a moment to strike. With automation, however, security teams are well-equipped to defend their ‘Zion’ from ruthless cybercriminals.