2021 Cyber Security Automation Top Action Items


Seth Adler
01/13/2021

Budgets are flat or down, so finding monetary resources for new tools is especially difficult at the moment. At the same time, threat actors are using more and more automation tools to breach organizations. What can a CISO do to ensure “forward defense” given that business and cyber landscape?

Cyber Security Automation Budget

“First, understand what's really meant by automation at your organization. Understand what is a good fit for your company because you may not have budget for the top automation tools. Maybe you can start instead by doing an inventory on the tools you have; know what your landscape is first. Get the pain points in place. So that means analyze the process. Start with processes and process inventory, get the quick wins, then make the business case. You need use cases to get the money to implement automation tools at scale.”

Gauging the cyber security maturity of the enterprise is a first step in realizing where automation resources can be employed. With that knowledge in place, no matter where the organization sits on the maturity spectrum, the next (first) step into automation is a baby step: net automation wins through proofs of concept with tools. With PoC(s) under its belt, the cyber security team can prove the necessity for an automation tool. That automation tool can either get current budget allocated to it, or unleash new dollars for the cyber security team if presented correctly to the right leadership and board.

Automation Budget Via Regulatory Compliance 

“In the financial sector, there's a lot of SOX (The Sarbanes–Oxley Act of 2002 enacted July 30, 2002, more commonly called Sarbanes–Oxley, Sarbox or SOX) relevance to those controls that are in place. When you can automate what is today a manual process, you're not only taking care of some of those SOX controls, but you're eliminating the opportunity for human error. Giving somebody access to things that they shouldn't have access to, or vice versa, either in one case they can't do their job, in any other case, they can be an insider threat.”

Saving time and energy in complying with regulatory requirements is a great rationale for allocating resources to automation. If the potential mitigation of additional vulnerabilities can be offered simultaneously, it makes the decision even easier.

Automation To Meet The Pace Of Change And Volume Of Threats

“You need to embrace it. It's the only way that you're going to start to keep up with the pace of change and the volume of threats and threat actors that are coming through. Automate as much of the incident response process as you can and automate as much of the actual remediation actions where possible as you can as well.”

For organizations further along the cyber security maturity curve, automating incident response and remediation is key. A few keys to automating these functions are good human oversight, rule-making and management of exceptions. Additionally, automation should not be the only tool being used for incident response and/or remediation. Finally, automation is not a set-it-and-forget-it initiative. Just as quickly as automation (of anything) is put in place, things change. The ongoing management of all automation projects is arguably more important than the implementation of automation projects.

No Skillset, No Automation. Yet.

“The challenge is that we don't necessarily have the skillset internally. Automation opportunities are absolutely there but we're going to require third-party assistance to help write those things for us. So, it goes back to funding for internal talent to be able to effectively manage automation.”

If the ongoing management of all automation projects is arguably more important than the implementation of automation projects, then do not implement an automation project if the talent is not present to manage it. First get the talent, then give the talent the tool.
