Cybersecurity: Automation the way forward – The Business Times
Wed, Mar 14, 2018 – 5:50 AM
Q: How are organisations benefiting from cyber automation?
Well, one of the benefits is the reduction in operating costs. Juniper has just sponsored a new independent study from the Ponemon Institute that polled over 1,500 IT and security professionals from around the world.
The results showed that the majority were in agreement that automation reduces the man hours required to deal with security exploits and with greater accuracy.
Q: So fewer man hours mean lower operating costs?
Yes, exactly. The difference in average cost is about US$2.4 million per incident – it costs almost US$3 million versus just over US$600,000 with automation.
Q: While also strengthening the company’s security posture?
Yes, malware alerts are rarely reliable. The study showed an average of less than 12,000 malware alerts in a typical week in the respondents’ organisation. Some 21 per cent of these alerts are reliable and 20 per cent of these are advanced persistent threats. Unfortunately, more than 30 per cent of these bypass common Intrusion Prevention System (IPS) or Audio Visual (AV) systems and are detected post infection.
Automation can significantly reduce the costs of capturing, evaluating and investigating intelligence about cybersecurity exploits and malware.
Q: So, that’s seeing improved security and operating costs. What else is driving automation?
The majority of respondents agreed that automation is being driven by migration to the cloud, which can have a laundry list of positive benefits.
Q: So what’s holding organisations back?
Well, complexity is a major barrier to full deployment. Sixty per cent of those interviewed said that the integration of cybersecurity automation within their companies’ existing IT security architectures is “a complex and time-consuming process”.
However, overall, the research shows that most companies are committed to cybersecurity automation at some point.
Q: “At some point.” So, how many of them already have automated tools?
More than half. However, only 20 per cent of respondents say that their organisations’ approach to cybersecurity defence primarily relies on these technologies.
Instead, 34 per cent say they rely primarily on manual activities, and 25 per cent say their approach is “ad hoc” or not specified.
Overall, we see that companies are slow to rely on advanced automated tools such as machine-learning and artificial intelligence (AI).
Q: But will IT security professionals eventually be replaced by automation?
No, not any time soon. It will be a slow ramp up to extensive AI use, and all initial deployments will be AI-augmented rather than pure AI without human operators.
The survey showed that most senior managers don’t believe smart machines will replace skilled security personnel, and some 71 per cent say that cyber automation will never fully replace human involvement and expertise.
Q: So, what is the likely impact on staffing levels in the foreseeable future?
Low-level tasks will initially be replaced with automation and higher skilled tasks will slowly be replaced by AI. This trend will continue for years, if not a decade or more.
If you look at the survey, 55 per cent of respondents agree that the use of cyber automation will reduce personnel costs and 53 per cent of them said that adoption is driven by the lack of skilled security personnel.
Q: Sui Jin, with all that in mind, what recommendations would you have for organisations looking to take their first steps towards automation?
I would suggest that these organisations first start by doing a cost-benefit analysis on their current cybersecurity deployment.
Often, there will be multiple areas that are still covered by manual and error-prone processes but are very critical or have a large impact on the cybersecurity of the organisation.
There are multiple solutions to automate and augment these operations by AI, and organisations should go for simple solutions that they can quickly deploy without engaging in long, complicated bespoke projects.
This is a field that is moving rapidly, and delays will likely make the solution redundant or less effective.
- This interview was first published in The Shield, a microsite by Juniper Networks on cybersecurity and software defined secure network (SDSN).