WHITE PAPER

Security Automation: Time to Take a Fresh Look

Market Pulse

The defenses are in place, but the war is not yet being won. Indeed, the barriers that organizations have erected to combat data security breaches are proving inadequate as companies are, in many cases, either losing ground in the security battle or simply standing still, according to a new survey from IDG Research. Among companies surveyed, 61 percent are seeking to strengthen their defenses. The survey points to a way forward: the automation of security workflows and processes to enable faster, more effective responses to potential breaches, helping companies reduce risk and turn the tide in the security conflict.

The survey, conducted in December 2013 and January 2014, shows most companies dedicate the majority of their IT security resources—60 percent—to protecting the network layer, which seems logical given most attacks come in through the network in some fashion.

But the current approach appears to be of limited effectiveness, as the vast majority of respondents report that neither the number nor severity of security breaches is going down. What's more, attacks often take a long time to detect—46 percent of respondents report an average detection time of hours or days. Attacks take even longer to resolve, with 54 percent reporting average resolution times of days or months.

A majority of companies surveyed are looking for ways to reduce response times to security events in an effort to mitigate risk, preserve corporate reputations, and protect customer data, among other goals. Some have already adopted security automation as a way to help address the issue, but many remain uncomfortable with the idea of enabling automated responses to security threats.

Security automation has made great strides over the years, and companies should take a fresh look at the potential benefits. Whereas companies once were uneasy about automation for fear of inadvertently denying access to legitimate users—with the ultimate example being the CEO—today such technology can be effective at an enterprise scale. Additionally, the cost benefits of deploying automation have not been well understood. They range from making better use of security experts' time, which is a scarce and expensive resource, to minimizing the financial impacts of data loss and damage to the corporate brand.

Of course, rapidly achieving maximum benefits means choosing the right solution, one that has been proven in the largest, most demanding environments. CSG International's Invotas fits that description. CSG Invotas has long been bringing its automation solutions to telecommunications carriers and is now ready to tackle enterprise automation.

BREACHES BY THE NUMBERS

The need for a new approach is clear. The IDG Research survey shows most companies are not gaining ground against the security problem. For just over half the respondents, both the number and severity of security incidents remained flat in 2013 as compared with 2012. But 28 percent of respondents say the number of security events or breaches increased in 2013 while 24 percent report that the severity of incidents increased. For only a small minority of respondents did the number or severity of incidents decline last year.

If current security defenses were truly effective, it would be logical to expect that both the number and severity of security events and breaches would be going down.

To further exacerbate the problem, breaches are taking too long to detect. A combined 39 percent of respondents say they can detect a security breach within seconds or minutes. That leaves a whopping 61 percent who say it takes them days, weeks or months to detect a breach—or they simply don't know how long it takes.

[Chart: Time Spent on Each Process Ensuing a Security Event. Percentage of respondents by elapsed time (seconds, minutes, hours, days, weeks, months) for detection, diagnosis and resolution. Source: IDG Research Services, February 2014.]

It's a similar story with respect to diagnosis of security breaches and resolution, with only 10 percent of respondents reporting they're able to resolve issues in seconds or minutes; 54 percent say it takes days, weeks or months.

RELIEF WANTED

Given such performance, it's not surprising that respondents are seeking ways to reduce response times to security events, for reasons including risk mitigation and to preserve their corporate reputation. (See chart above.)

A good number of respondents, 25 percent, say they're very comfortable with the idea of automating some security workflows and processes and do so as much as possible. Another 57 percent say they're somewhat comfortable with automation for low-level and a few high-level processes, but they want a human involved at some point.

Survey respondent Bruce Perrin, COO and acting CIO for Phenix Energy Group, in Palm Harbor, Fla., is in the comfortable camp when it comes to security automation. "I think it's absolutely necessary," he says. "We as human beings are essentially flawed. Ultimately, we are in a world of hurt when it comes to being able to respond logically to hacking events or denial-of-service attacks. We don't always make the right mental connections."

Perrin is currently designing the network and security architecture for Phenix, which is in the process of building a pipeline across Central America to carry oil from the Atlantic coast to the Pacific. He has about 40 years of IT experience, including many years as a consultant for clients such as the State of Minnesota and the U.S. Navy.

In terms of barriers to automation, he sees satisfaction with the status quo as a top contender. "Even some of the best clients I've had over the years will say, 'This thing has worked well for a long time, we don't want to change it,'" Perrin says. But today's security operations are all about anticipating new problems, not just dealing with old ones.

"Those guys have nothing better to do and all the time in the world to dig into my system and beat it to a pulp," he says. "We need to be preemptive."

The top barrier cited by survey respondents (56 percent) is cost. But other barriers cited speak more to respondents' own insecurities and lack of security knowledge than any technical issue with respect to security automation.

Consider the second-largest barrier: difficulty in tiering security processes or determining what ought to be automated, cited by 37 percent of respondents as at least somewhat of a barrier. This barrier reflects a lack of internal insight and expertise about an organization's own security processes, which is understandable, given security operations today is a complex discipline with potentially dire consequences for failure.

Likewise, the next three most-frequently cited barriers in the survey are not technical in nature:

■ Insecurity over current security processes and protocols (35 percent): indicating a need for expert review and guidance on how best to standardize processes and procedures for effective security automation.
■ Lack of coordination and communication typically triggered by a security event (35 percent): indicating a need for greater orchestration among a multitude of human and network resources during the detection, diagnosis and response stages of an event.
■ No personal accountability (32 percent): indicating a fear that it would be unclear who "owns" automated security responses.

[Chart: Percent of Security Workflows Currently Automated. Percentage of respondents by share of workflows automated (0%, 1-10%, 11-20%, 21-30%, 31-40%, 41-50%, >50%). Source: IDG Research Services, February 2014.]

These responses indicate that implementing security automation is less about technical issues than it is about educating an organization's security staff on the best way to approach it, including which processes are best candidates for automation and what proven processes and protocols to apply.

Perhaps that's why there appears to be some optimism that effectively deploying security automation to realize tangible benefits in cost, efficiency and response times is finally an attainable goal.

That optimism will be needed as there is much work to be done. A significant majority—62 percent—of organizations have automated less than 30 percent of their security workflows. (See chart above.) Only 14 percent have automated more than 50 percent.

A NEW APPROACH TO SECURITY AUTOMATION

To do better, many enterprises will need some help. CSG Invotas is in a position to provide it.

CSG Invotas takes a new approach to security automation, focusing on the orchestration of security responses required to quickly and accurately get to the root of a security issue. Using CSG Invotas software and accompanying services expertise, companies can gain the ability to automatically manage, coordinate and configure actions in response to security events in their networks.

CSG Invotas enables customers to automate as few or as many security tasks as they like, depending on their requirements and level of comfort with automation. Some may opt for a fully automated response where, for example, a firewall event triggers an intrusion detection/intrusion prevention system (IDS/IPS) to block a given port for a certain IP address; the system then sends a trouble ticket to alert security personnel of the incident. Others may want more human interaction, such as having the same series of events triggered only after a security professional gives the green light. Still others may want to be presented with a series of options for actions they might want to take in the face of a specific security incident. With CSG Invotas, any mix of the above is possible, and responses can vary depending on the type of incident in question.

Customers can also map out a series of preplanned actions to take should certain security events occur, and then either implement them automatically or with human intervention.

Another differentiator of the CSG Invotas solution is its scale. CSG Invotas Security Orchestrator Solution has been proven in the telecommunications industry, among the largest and most demanding networks in terms of reliability requirements. That means CSG Invotas solutions are carrier grade, having been thoroughly tested and proven to be reliable. They are highly scalable, able to process billions of events daily. The solutions are also architected for interoperability, able to deal with the heterogeneous mix of security tools customers already have in place.

Such attributes are crucial for security automation in large or growing enterprises. The systems must be available at all times because, as Perrin suggests, attackers seemingly never sleep; you simply never know when an attack may occur, so organizations must be always vigilant. Performance is crucial because as networks grow ever larger, the system must be able to effectively and accurately process an increasing number of events. And interoperability is a must if the security platform is to provide unified, consistent control across a series of point security solutions, from firewalls and IDS/IPS to antivirus and security information and event management (SIEM) tools and more.

BENEFITS OF SECURITY AUTOMATION

The increasing complexity of IT environments, coupled with the growing frequency of security threats, demands that companies automate more functions to keep up. And the benefits they will gain by doing so are significant.

Automation provides the ability to respond far more rapidly to security alerts, no matter whether it takes the form of allowing the system to respond on its own to security incidents or suggesting a course of action for a human to take. The technology will reduce response times to seconds or minutes—enabling far more companies to join the 39 percent of survey respondents who can already respond that quickly. The faster companies can respond and shut the door on attackers, the less risk they face of compromised system and data confidentiality, integrity and availability.

Enterprises can also become less predictable targets through automation. Security orchestration solutions enable organizations to apply deceptive defensive techniques at scale and in near real time. Such tactics serve to disrupt an attacker and significantly increase the effort required to attack. CSG Invotas software can also be used to deploy a honey pot to distract and trap the attacker, keeping him away from your assets.

Moreover, automation reduces security costs in a number of ways. For one, it offloads mundane tasks from security professionals, enabling them to focus on more vexing problems.

Security requires attention 24/7, Perrin notes. "If I can cut that in half, we're talking a staggering amount of money," he says. "Seventy percent of what security professionals do could be done completely automatically, giving them more time to do things that are more important."

And if you can reduce the number of security breaches through automation, you reduce the risk of data loss, which again can amount to staggering amounts of money given the potential cost of a single breach.

TAKE A FRESH LOOK AT AUTOMATION

CSG Invotas has a team of experienced security specialists who will work with you to implement a security automation plan that makes sense for your company. They will assess your current security operations and infrastructure and identify the opportunities for automation that deliver the greatest immediate benefits in shortening defense times and reducing effort on the part of your security staff. By working with the tools you already have in place, they will also allow you to maximize the return on investment you've already made in your security infrastructure and staff.

In so doing, CSG Invotas allows enterprises to overcome many of the traditional stumbling blocks to security automation, including the number one factor cited by IDG survey respondents: cost. Offloading mundane security tasks from experienced security personnel will actually save you money by allowing them to focus on more important security issues.

What's more, you can implement as little or as much automation as you're comfortable with. Start small if you like, and automate more as the system proves itself and you gain confidence.

And don't worry about scale, as CSG Invotas software is proven to be reliable and effective even in the largest, most demanding telco networks worldwide.

To learn more about how CSG Invotas can bring automation to your security infrastructure, visit WWW.CSGINVOTAS.COM