Automation has always played a role in cybersecurity. If you think about basic antivirus software, it typically works in the background, automatically scanning devices for aberrations that might indicate the presence of malware or other intrusions.
But we are long past the days when basic antivirus software could offer the breadth of protection required to meet the challenges of today’s highly sophisticated threat environment. We are at a turning point in the use of automation in our overall approach to cybersecurity.
We must ensure that we are using automation, as well as machine learning and artificial intelligence, to simplify and accelerate our ability to respond to attacks. Our security operations centers (SOCs) are under constant siege, and they can no longer rely on manual operations to deal with attackers who are using automation to scale at an unprecedented pace. If we don’t automate our SOCs to reduce complexity, we simply can’t keep up.
We must also ensure that we can build automation into cybersecurity as forethought and not just as afterthought. This will allow us to reduce the pressure and complexity involved in detecting and responding to attacks as our adversaries become more innovative.
This critical shift toward embracing automation is a function of the growth of our digital world, which changes the ways in which we are attacked and the ways in which we must detect, predict, and respond to attacks. Our adversaries can access the same inexpensive compute resources that are available to us in the cloud. They can go to the dark web and buy tools that are both inexpensive and highly effective.
Because these adversaries have easy access to compute resources, they can scale exponentially, using automation to launch attacks on a massive scale. In addition, they can leverage technologies such as machine learning and artificial intelligence to be more agile and innovative. And motivation has perhaps never been higher, with the participation of nation-states not just out for money but to generally wreak havoc wherever possible.
This paradigm is not going to change, so organizations have to change their approach to cybersecurity and automation. At Palo Alto Networks, we often talk about using machines to fight machines. There is a simple reason for this approach: It is truly the only way to deal with today’s threats.
When our adversaries can scale their resources simply, exponentially, and inexpensively by adding more compute power, we can’t respond by hiring more and more people. It’s an equation that doesn’t work. The only way is to respond in kind, leveraging automation in our SOCs so we are fighting machines with machines.
For business leaders and board members, this means being prepared to ask the right questions of cybersecurity leaders and to instill a culture of cybersecurity that starts right at the top. From a practical standpoint, critical questions to ask include:
Is the organization incorporating automation at every step of cybersecurity? This often starts in the development of new applications and services. If cybersecurity is not included early through approaches like DevSecOps, it will be harder and more expensive to add automation capabilities later in the process.
Is the organization using automation to correlate data, and does it have the technology foundation to ensure that the data is complete and current—i.e., from every possible source, including endpoints, networks, and multiple clouds (public, private, and hybrid), as well as all mobile devices, including those in the internet of things?
Can the SOC access a centralized, holistic view of all activity, leveraging automation to reveal the root causes of attacks with actionable forensic detail to accelerate and streamline event triage, incident investigation, and response?
Do your cybersecurity tools leverage machine learning and artificial intelligence to empower security analysts to reduce complexity by shifting from manual investigation to proactive protection? Do these tools allow the SOC to respond faster to attacks with deeper insights, allowing the organization to reduce risk by keeping pace with the volume and sophistication of today’s advanced threats?
As a business leader, whether in the boardroom or executive suite, cybersecurity is becoming a more critical factor in ensuring that you meet your fiduciary responsibilities to the organization. By staying informed about key cybersecurity trends, such as automation, and asking the right questions of your teams, you can play an active role in setting the right tone and culture for your organization.
Are your cybersecurity security teams fighting machines with machines? Are cybersecurity and automation integrated into your development processes? Are your SOCs leveraging automation, machine learning, artificial intelligence, and other modern technologies to strengthen protections, reduce complexity, and lower risk?
Why automation, why now? For cybersecurity, it’s no longer a question; it’s an imperative.
Lucas Moody is vice president and chief information security officer at Palo Alto Networks. He leads efforts to protect the company’s information and technology assets while partnering with product management to contribute to continued product innovations.