Rahn Wakeley from Qualys explains how automation can help address shortcomings in the cyber security landscape.
The cyber security industry, unfortunately, cannot claim to be in the business of good news. Threat actors ensure that we are continually warning of new vectors and techniques and advising new approaches to combat them.
It is hardly controversial to suggest that COVID-19, apart from its horrendous impact on public health and population welfare, has impacted the ability of companies to keep their customers and employees safe from cyber attacks. Fresh complexities in the architecture of corporate technology infrastructures have left IT and security teams in catch-up mode — confused, overworked and underequipped.
In a short break from doom and gloom, a PwC global poll shared some good news. It showed around 69 per cent of organisations are planning to increase their cyber security budgets in 2022, and more than a quarter (26 per cent) plan increases of 11 per cent or more. Such action will be vital in Australia, where the annual threat report by the Australian Cyber Security Centre (ACSC) revealed that over 67,500 cyber crime reports were made in the last financial year, a jump of 13 per cent on the previous 12 months.
The persistence of skills gaps
Australia has now-famous skills gaps in key technology areas at a time when technology is the answer to almost all public and corporate issues, from governance to operations to monetisation. But cyber security stands out as perhaps the most critical gap at a time when organisations have moved to the cloud in vast numbers and turned IT environments on their heads. Server farms are now multi-cloud ecosystems. Vetted, regularly patched corporate PCs are now rogue personal devices of unknown pedigree.
Automation can plug some of these gaps. Attackers move quickly and adeptly, so the modern threat hunter cannot afford to rely on traditional patching cycles. Automation is a means to speed up many standard tasks and reduce execution errors. On the IT side of the equation, we see a lot of acceptance of automation. Measurable cost savings and proven efficiencies have driven more and more of it.
To embrace automation at scale, the entire cyber security discipline may have to unlearn what it has learned and break with tradition. DevOps teams are unafraid to break and fix, break and fix, break and fix – employing an iterative approach to the improvement of an end product. Security teams, however, are trained to minimise impact and ensure that every tool they use does not interfere with the infrastructure at large. Automation can help regional firms plug their security skills gaps, but only if they adopt the same experimental mentality of break and fix.
Measure twice; cut once
Cloud environments allow patches to be tested in isolated environments at reasonable costs. Only patches that are found to operate smoothly in existing set-ups will be rolled out. Similar methods are already in service in DevOps, so they have already proven themselves as a viable means of introducing automated patching.
Systems can identify a vulnerability, deploy a patch to a test environment, observe its progress in that environment and report any issues to a human actor. If there are none, live deployment can follow, either with the okay of the human decision-maker, or automatically if adequate trust in the digital patching agent has been established.
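The test-first rollout described above, written out as an added example (not Qualys code): a patch agent that deploys to a test environment, turns the observed health telemetry into an issue list for a human, and only promotes to live either with an explicit okay or automatically once the agent has earned trust. The trust threshold, the trust reset on a failed test run and the sample telemetry are all assumptions constructed for the illustration.

```python
from enum import Enum

class Decision(Enum):
    REPORT = "issues found in test, report to human"
    AWAIT_APPROVAL = "test clean, waiting for human okay"
    DEPLOY_WITH_APPROVAL = "test clean, human approved live deploy"
    AUTO_DEPLOY = "test clean, trusted agent deployed live"

def observe_test_env(observations):
    """Turn test-environment health telemetry into a list of issue strings."""
    return [f"{o['host']}: {o['check']} -> {o['status']}"
            for o in observations if o["status"] != "ok"]

class PatchAgent:
    """Gate for the test-first rollout: live deploy only after a clean test run."""

    def __init__(self, trust_threshold=5):
        # Assumption: trust is earned by this many clean promotions in a row.
        self.trust_threshold = trust_threshold
        self.clean_promotions = 0

    def trusted(self):
        return self.clean_promotions >= self.trust_threshold

    def decide(self, observations, human_okay=False):
        """Return (Decision, issues) for one patch after its test deployment."""
        issues = observe_test_env(observations)
        if issues:
            self.clean_promotions = 0  # assumption: a failed test puts a human back in the loop
            return Decision.REPORT, issues
        if self.trusted():
            self.clean_promotions += 1
            return Decision.AUTO_DEPLOY, []
        if human_okay:
            self.clean_promotions += 1
            return Decision.DEPLOY_WITH_APPROVAL, []
        return Decision.AWAIT_APPROVAL, []

# Constructed sample telemetry from a hypothetical test environment.
CLEAN = [{"host": "test-web-1", "check": "http_200", "status": "ok"},
         {"host": "test-db-1", "check": "service_up", "status": "ok"}]
BROKEN = CLEAN + [{"host": "test-app-1", "check": "service_up", "status": "crashloop"}]

def run_demo(trust_threshold=2):
    """Walk a few patches through the gate; returns the decisions in order."""
    agent = PatchAgent(trust_threshold)
    steps = [(BROKEN, False), (CLEAN, False), (CLEAN, True), (CLEAN, True), (CLEAN, False)]
    return [agent.decide(obs, ok)[0] for obs, ok in steps]
```

With a threshold of two clean, human-approved promotions, the demo walks from a reported failure through two approved deployments to the first automatic one.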
Automated cyber security is perhaps the only way to address the issue of work-from-home (WFH) endpoints. Any device that joins the corporate network is a risk. And home devices may even be used by more than one person, each of whom may work for a different organisation. When patching directly from the cloud is the only practical approach, automation is the natural next step.
This is where we can start to discuss some good news. Automation enhances an organisation’s threat posture. Vulnerabilities are being addressed as soon as fixes become available, without the need for cumbersome human-based workflows. And as this good news spreads across Australia – that automation can reduce costs, make baseline security practices more efficient and subsequently enhance security postures and make compliance an easier proposition – trust in automation will grow.
The right platform
The right cyber security platform will be able to monitor multiple data points to ensure that no telemetry is overlooked, leading to fewer false positives and the elimination of so-called “alert fatigue”. Organisations that get serious about security automation should start by using DevOps to build new infrastructures.
Also, zero trust is getting a lot of traction in the region, and automation can be a great supporting element in its implementation. Automation of data collection and analysis is also critical, especially as it relates to asset discovery. And of course, automated processes can help with the emerging cloud and container trends we are seeing.
Today, the case for strong cyber security scarcely needs to be made. Most line-of-business executives read and watch news. They have seen the results of less-than-optimal threat postures, and how they can affect some of the largest corporates on the planet. I expect 2022 to be a transformative year for cyber security – the year when automation becomes a standard practice and security teams are finally freed up to go the extra mile and secure our digital estates once and for all.
Rahn Wakeley is the CISO - Asia-Pacific at Qualys.