SECURITY

Automation in Cybersecurity Key to Addressing Growing Risks

IT security teams are overextended and understaffed, and security risks are occurring more frequently than ever before. With our best experts stretching themselves on the analysis of low-tier security alerts, they’re unable to properly use their skills on bigger security issues. Automation is being used more in large Australian companies than ever before in order to help them optimise their day-to-day operations, working smarter and more efficiently as a result.

According to a recent report by McKinsey, automation and artificial intelligence present an enormous opportunity for national and personal income growth and could add up to $4 trillion to Australia’s economy. While some jobs will be lost and others created, jobs will change as technology continues to disrupt expectations and automation technologies integrate more into the workforce. In fact, it’s estimated that 25-45% of current work activities in Australia could be automated by 2030.

MeriTalk Research shows that the average cyber threat exists on networks 16 days before teams identify it, with teams often reacting to the threats instead of proactively defending against them. Malware is still a commonly encountered attack type, and Australian organisations are beginning to realise that actively hunting for threats helps to strengthen their defences.

Embracing the Chaos

When implemented properly, automation can make meaningful, positive changes to cybersecurity processes, considering the challenges that cyber professionals face. There is a lot of chaos brought to us by the increasing amount of cyber threats, big data and security alerts, and they need help to make sense of all the digital exhaust from the digitized world we are living in. They need advanced capabilities and capacity to respond to an overwhelming number of alerts, especially with so many false positives—errors made when a protection solution incorrectly labels clean items as malicious. This leads to them being quarantined, blocked or deleted, wasting valuable time.

A Security Operations Centre (SOC) is the important starting point of implementing automated processe, and at Splunk, we believe that by 2020, 90% of routine tasks be automated. This includes the operation of security equipment that detects and defends against cyberattacks, detailed analysis of alerts and events emitted by equipment, and analysis results based on a wide range of events, including the identification of suspected threats and the implementation of countermeasures.

Automation is Turning the Corner

Many industries stand to benefit from the use of automation in cybersecurity, including hospitals, banks, power plants, airports and air traffic control along with traffic controls. By removing outdated and mundane tasks such as input of data and real-time monitoring, organisations can improve customer experience and revenue while closing the gap on cyber exposures.

Machine learning-based detection technology such as UEBA, orchestration and automation solutions are key in providing the ongoing support the security team needs to detect and respond at machine speed, which would be impossible to respond to manually. In order to automate incident response operations, improve response speed and efficiency, there is a need to relook at security infrastructure and deploy analytics in order to stay ahead of the threat and attack landscape.

With a real shortage of security talents globally proving to be a cause for concern for SOCs, the automation of business operations will address the gap and provide security professionals with more important roles within an organisation. Automation is key to retaining and recruiting the best IT talent down the line, as their efforts will no longer be spent on routing security incidents and cyberattack detection tasks, instead allowing them to focus more on investigation and analysis of more complicated security events with their experience.

With cyber threats and the demands on security operations on the rise, organisations can reinforce their defence strategy and retain critical IT talent by integrating automation technology into their infrastructure.

Simon Eid
Posted by

Simon Eid

Managing Splunk’s business across Australia and New Zealand, Simon is tasked with owning the sales strategy, culture, leadership and people management of the sales operation. He has more than 25 years of experience in IT sales and business management. Prior to working at Splunk, Simon held sales and management positions at a variety of enterprise technology organisations, including Dell EMC and Symantec. Simon is based in Melbourne, Australia.

TAGS

Automation in Cybersecurity Key to Addressing Growing Risks

Show All Tags
Show Less Tags

Join the Discussion