It is no longer enough to declare that security is important to your organization. If it really is, you are also automating as much of your security posture as possible; otherwise, you are losing ground to cybercriminals and other threats.
“If security is a priority for you – it is, isn’t it? – automating that security had better be a priority as well,” says Gordon Haff, technology advocate, Red Hat.
This isn’t a doom-and-gloom story. It’s more like a call to arms among IT and security leaders. And the good news is that a growing number of them are definitely listening.
Security was the overall top IT funding priority in Red Hat’s 2023 Global Tech Outlook – and Haff points out that it emerged as the top digital transformation priority as well.
The survey also looked at IT operations automation priorities, a category that Haff notes has typically been dominated by things like configuration management in the past.
In 2023, security automation has emerged as the top automation priority. Let’s unpack the major reasons why – and why you should be considering security automation if you’re not already doing so.
You can’t necessarily circle a date on the calendar when it became so, but suffice it to say that the largest organizations with the deepest resources are well past the point of being able to handle IT security with human effort and ingenuity alone. The volume and variety of threats and risks are simply too massive and too dynamic.
“There’s no other way to handle the scale, gain repeatability, and make security processes continuous without automation,” Haff says.
Even the old stalwarts of IT security – endpoint protection, say, or intrusion detection – require increased automation to be effective today, in part because the speed and severity of potential breaches continue to outpace the capabilities of people alone.
“There are just too many security breach opportunities and endpoints for organizations to have any excuse for being slow to implement requisite automation right now,” says Dan Makim, software engineer at Beachhead Solutions, adding that security automation needs to be implemented as early as possible in processes. “The right strategy here can be especially critical for thwarting incidents where manual intervention would be far too late to be effective.”
Security automation done right doesn’t usually mean replacing human intelligence and ability – rather, it aims to give people the requisite power to strengthen the organization’s security posture and mitigate threats.
Security automation doesn’t necessarily have to be exotic. Especially if you’re just starting out, some of the simplest automation can have considerable impacts.
“For example, if there are a series of invalid login attempts on an employee’s laptop, automated and predetermined interventions can warn IT staff or provide user guidance in the form of a dialog or, if all else fails, automatically disable their access from that device if failed attempts continue,” Makim says.
For another example, Makim describes a device that travels outside of a preset geofence. Automated actions can immediately disable access to data and/or message the user to fall back into compliance – or any other automated steps that match the organization’s policies.
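The two automations Makim describes, tiered responses to repeated login failures and an automatic cut-off when a device leaves its geofence, fit in a few dozen lines of policy code. The following is an added example written for this article, not Beachhead Solutions' product code; the thresholds, five-minute window, event format, office coordinates and the sample event stream are all assumptions chosen for the demonstration.

```python
"""Tiered endpoint responses to failed logins and geofence exits.

Added example illustrating the two automations Makim describes; it is not
Beachhead Solutions' code. The thresholds, time window, event format and
office coordinates are assumptions chosen for the demonstration.
"""
from collections import defaultdict, deque
from math import asin, cos, radians, sin, sqrt

WARN_AFTER = 3        # assumed: notify IT on the 3rd failure in the window
DISABLE_AFTER = 6     # assumed: disable the device on the 6th failure
WINDOW_SECONDS = 300  # assumed: failures older than 5 minutes are forgotten

GEOFENCE_CENTER = (37.4275, -122.1697)  # assumed office location (lat, lon)
GEOFENCE_RADIUS_KM = 50.0               # assumed allowed radius


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    earth_radius_km = 6371.0
    p1, p2 = radians(lat1), radians(lat2)
    dphi = p2 - p1
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


class DevicePolicy:
    """Decides the automated response to each endpoint event."""

    def __init__(self):
        self._failures = defaultdict(deque)  # device -> failure timestamps
        self.disabled = set()

    def on_login_failure(self, device, ts):
        if device in self.disabled:
            return "already_disabled"
        q = self._failures[device]
        q.append(ts)
        while q and ts - q[0] > WINDOW_SECONDS:  # drop stale failures
            q.popleft()
        if len(q) >= DISABLE_AFTER:
            self.disabled.add(device)
            return "disable"
        if len(q) == WARN_AFTER:  # warn exactly once per streak
            return "warn_it"
        return "none"

    def on_login_success(self, device):
        self._failures.pop(device, None)  # a successful login ends the streak
        return "none"

    def on_location(self, device, lat, lon):
        if haversine_km(lat, lon, *GEOFENCE_CENTER) <= GEOFENCE_RADIUS_KM:
            return "none"
        self.disabled.add(device)  # outside the fence: cut data access
        return "disable"

    def process(self, events):
        """Apply the policy to (ts, device, kind, payload) events in order."""
        actions = []
        for ts, device, kind, payload in events:
            if kind == "login_failed":
                action = self.on_login_failure(device, ts)
            elif kind == "login_ok":
                action = self.on_login_success(device)
            elif kind == "location":
                action = self.on_location(device, *payload)
            else:
                action = "none"  # unknown event types are ignored, not fatal
            actions.append((ts, device, action))
        return actions


# Constructed sample stream; timestamps are seconds from an arbitrary start.
SAMPLE_EVENTS = [
    (0, "laptop-42", "login_failed", None),
    (30, "laptop-42", "login_failed", None),
    (45, "laptop-42", "login_failed", None),   # 3rd failure: warn IT
    (60, "laptop-42", "login_failed", None),
    (70, "laptop-42", "login_failed", None),
    (80, "laptop-42", "login_failed", None),   # 6th failure: disable
    (90, "laptop-07", "login_failed", None),
    (400, "laptop-07", "login_failed", None),  # first failure has aged out
    (401, "laptop-07", "login_ok", None),
    (450, "laptop-07", "location", (37.3861, -122.0839)),  # inside fence
    (500, "laptop-07", "location", (48.8566, 2.3522)),     # far outside
]

if __name__ == "__main__":
    policy = DevicePolicy()
    for ts, device, action in policy.process(SAMPLE_EVENTS):
        if action != "none":
            print(f"t={ts:>3}s {device}: {action}")
```

The design point is that the expensive action (disabling the device) is reached only through a graded path that first produces a warning IT can act on, while a successful login or an old failure resets the count so a user who simply mistyped a password twice is never locked out. In a real deployment the "disable" result would call the endpoint agent rather than just being returned.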
If you already use an IT automation platform like Ansible, it can work with a wide range of security tools and processes to automate various security operations, such as automating specific traffic blocking in an enterprise firewall. Check out 5 examples of security automation with Ansible for more uses, as well as 5 ways to improve security automation for optimization.
It’s not that human beings can’t monitor network traffic or block suspicious activity – it’s that automation can do it much faster, and speed is critical in the security game.
Compare automated actions with a security or IT team member needing to take action manually – the difference in response times (instant versus not instant) is critical, Makim says. “More than ever, those in charge of security can’t be everywhere at once, and automating the right security tasks can render otherwise-scary threat scenarios benign in the blink of an eye.”
As we covered recently, software supply chain security remains a major focus in 2023. Accordingly, software pipelines are awash in opportunities for security automation – especially because so many teams have automated much of the rest of those pipelines.
“Over the last several years, engineering teams have automated nearly all of their development and deployment processes across APIs in CI/CD pipelines and unfortunately, security has oftentimes been an afterthought,” says Paul Nguyen, co-founder and co-CEO of Permiso. “Accordingly, attackers have leveraged stolen API keys and compromised service tokens as methods to infiltrate a network or service and move laterally.”
The course correction isn’t to dump DevOps and CI/CD pipelines, obviously – it’s to better secure them, and automation is key. So is DevSecOps.
“It’s time for security teams to embrace automation and bolster their defenses in order to be able to respond to the modern tactics of bad actors,” Nguyen says.
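One concrete way to automate the "afterthought" Nguyen describes is a pre-merge check that refuses pipeline configuration containing a live credential instead of a reference to the secret store. The block below is an added example written for this article, not Permiso's code or any particular scanner; the two key-format patterns, the keyword list, the entropy threshold and the sample workflow file are assumptions or constructed test data (the AWS value is the example key from AWS's own documentation, the other values are made up).

```python
"""Pre-merge scan of pipeline configuration for hard-coded credentials.

Added example of the kind of automated check Nguyen's point calls for; it is
not Permiso's code. The key-format patterns, keyword list, entropy threshold
and sample pipeline file are assumptions or constructed test data.
"""
import re
from collections import Counter, namedtuple
from math import log2

Finding = namedtuple("Finding", "line rule redacted")

# Assumed formats for two widely used credential types.
KNOWN_FORMATS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
# Generic `name: value` / `name = value` assignments with a secret-like name.
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)(secret|token|password|passwd|api[_-]?key|key)\s*[:=]\s*[\"']?([^\s\"']+)"
)
MIN_SECRET_LENGTH = 20   # assumed: shorter values are rarely real secrets
ENTROPY_THRESHOLD = 3.5  # assumed: bits per character; hex tops out at 4.0


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * log2(c / n) for c in Counter(s).values())


def redact(value):
    """Never echo the full secret into CI logs; keep a short prefix."""
    return value[:4] + "..." if len(value) > 4 else "..."


def scan_for_secrets(text):
    """Return one Finding per line that appears to embed a live credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        matched = False
        for rule, pattern in KNOWN_FORMATS.items():
            m = pattern.search(line)
            if m:
                findings.append(Finding(lineno, rule, redact(m.group(0))))
                matched = True
                break
        if matched:
            continue
        m = GENERIC_ASSIGNMENT.search(line)
        if not m:
            continue
        value = m.group(2)
        # References to a secret store (${{ secrets.X }}, $VAR) are the
        # desired state, not a leak.
        if value.startswith("$"):
            continue
        if len(value) >= MIN_SECRET_LENGTH and shannon_entropy(value) >= ENTROPY_THRESHOLD:
            findings.append(Finding(lineno, "high-entropy-secret", redact(value)))
    return findings


# Constructed sample: a GitHub Actions-style workflow with three mistakes
# and one correct use of the secret store. The AWS key is the documented
# AWS example key; the other values are made up.
SAMPLE_PIPELINE = """\
name: deploy
env:
  AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  DEPLOY_TOKEN: "ghp_0123456789abcdefghijABCDEFGHIJ012345"
  LOG_LEVEL: debug
  api_key: 3f9a1c7e5b2d4a8f6c0e9b1d7a5f3c2e
"""


def gate(text):
    """CI gate: 0 means the merge may proceed, 1 means block the change."""
    return 1 if scan_for_secrets(text) else 0


if __name__ == "__main__":
    for f in scan_for_secrets(SAMPLE_PIPELINE):
        print(f"line {f.line}: {f.rule} ({f.redacted})")
    raise SystemExit(gate(SAMPLE_PIPELINE))
```

Run as a CI step, a non-zero exit blocks the merge, which is the point: the check runs on every change without anyone remembering to look. The generic rule deliberately skips `$`-prefixed values so that correct use of the platform's secret store is not flagged, and the entropy and length floors keep placeholders such as `debug` or `hunter2` out of the findings; tune both to the repository's false-positive rate rather than treating the numbers here as fixed.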
Security strategies have commonly focused on the human element, and rightly so – people make mistakes, and that can lead to all manner of risks. Phishing emails still exist because they work.
But in the context of increasingly automated software pipelines – and increasingly automated organizations overall – machine-to-machine communication is just as important.
“If we step back and think about it, most communication within a network, across clouds, and across the internet is actually system-to-system and machine-to-machine, where these systems could be cloud workloads, containers, virtual machines, microservices, sensors, more traditional on-premise servers, industrial IoT equipment, and more,” says Anusha Iyer, co-founder and CEO at Corsha.
Securing such dynamic and automated environments is virtually impossible without security automation, and machine-to-machine (or system-to-system) interaction should be treated as a vector at least as important as human-to-machine interaction.
“Machine identity needs to be elevated as a ‘first-class citizen’ to move beyond traditional security perimeters and, in an automated way, secure movement of data and control across all of these hybrid environments at scale,” Iyer says.
You’ve likely heard the expression “fight fire with fire.” In today’s IT security landscape, that means fighting automation with automation.
“Attackers are increasingly using more automated and more powerful tools themselves,” notes Shahar Binyamin, CEO and co-founder at Inigo. “Manually executed security defenses simply won’t be able to keep up with the increasing volume and sophistication of these threats.”
In Inigo’s particular corner of the security universe – GraphQL API security – attackers have automated their searches for weak GraphQL endpoints, for example.
“They’ll probe many of these endpoints at once, starting with the most common locations,” Binyamin says. “If automation isn’t matched with automation, you’re asking for trouble. From attack detection and mitigation to hardening attack surfaces to access controls, organizations need to be automating as much as they can right now.”
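The probing Binyamin describes has a signature that a human watching a dashboard would miss but a script sees immediately: one client touching several of the usual GraphQL locations across several hosts within seconds. The following detector is an added example written for this article, not Inigo's code; the log format, the list of candidate paths, the fan-out threshold, the sixty-second window and the sample log lines are assumptions or constructed data (client addresses are from the RFC 5737 documentation ranges).

```python
"""Flag clients fanning out across common GraphQL endpoint locations.

Added example of matching automated probing with automated detection; it is
not Inigo's code. The log format, list of probe paths, thresholds and sample
log lines are assumptions or constructed data.
"""
from collections import defaultdict, deque, namedtuple
from datetime import datetime

# Assumed: paths an automated scanner tries first when hunting for GraphQL.
PROBE_PATHS = {"/graphql", "/api/graphql", "/v1/graphql", "/graphiql",
               "/playground", "/gql"}
FANOUT_THRESHOLD = 4  # assumed: distinct (host, path) targets before flagging
WINDOW_SECONDS = 60   # assumed: sliding window for counting targets

Request = namedtuple("Request", "ts client host method path status")


def parse_log(lines):
    """Parse constructed `ts client host method path status` lines.

    Malformed lines are skipped rather than aborting the whole run.
    """
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
            status = int(parts[5])
        except ValueError:
            continue
        yield Request(ts, parts[1], parts[2], parts[3], parts[4], status)


def detect_probers(lines, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Return {client: (first_flag_time, distinct_targets)} for scanners.

    A client is flagged the first time it has touched `threshold` distinct
    (host, path) pairs from PROBE_PATHS within `window` seconds. A legitimate
    client calling one endpoint repeatedly never exceeds one target.
    """
    recent = defaultdict(deque)  # client -> deque of (ts, (host, path))
    flagged = {}
    for req in parse_log(lines):
        if req.path not in PROBE_PATHS:
            continue
        q = recent[req.client]
        q.append((req.ts, (req.host, req.path)))
        while q and (req.ts - q[0][0]).total_seconds() > window:
            q.popleft()
        targets = {target for _, target in q}
        if len(targets) >= threshold and req.client not in flagged:
            flagged[req.client] = (req.ts, len(targets))
    return flagged


# Constructed access log. 203.0.113.7 sweeps six candidate locations on two
# hosts in three seconds; 198.51.100.9 is a normal client of the real
# endpoint; the last line is malformed on purpose.
SAMPLE_LOG = """\
2023-03-01T10:00:00Z 203.0.113.7 api.example.com GET /graphql 404
2023-03-01T10:00:01Z 203.0.113.7 api.example.com POST /api/graphql 404
2023-03-01T10:00:01Z 203.0.113.7 shop.example.com POST /graphql 200
2023-03-01T10:00:02Z 203.0.113.7 shop.example.com POST /v1/graphql 404
2023-03-01T10:00:02Z 203.0.113.7 api.example.com GET /graphiql 404
2023-03-01T10:00:03Z 203.0.113.7 shop.example.com GET /playground 404
2023-03-01T10:00:05Z 198.51.100.9 shop.example.com POST /graphql 200
2023-03-01T10:00:09Z 198.51.100.9 shop.example.com POST /graphql 200
2023-03-01T10:05:00Z 198.51.100.23 api.example.com GET /graphiql 404
malformed entry
"""

if __name__ == "__main__":
    for client, (ts, n) in detect_probers(SAMPLE_LOG.splitlines()).items():
        print(f"{ts:%H:%M:%S} block {client}: {n} GraphQL locations probed")
```

Counting distinct targets rather than raw request volume is what separates the scanner from a busy but legitimate client: the real user at 198.51.100.9 hits one endpoint repeatedly and is never flagged, while the sweep is caught on its fourth location, two seconds in. The returned dictionary is the hand-off to the next automated step, whether that is a firewall rule, a WAF block list or a rate limit on the API gateway.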
Indeed, this principle applies widely across different systems and threat surfaces – not just API security. Automated attack methods need automated defenses.
“Security AI, analytics, and automation are vital in order to stay on pace with the automated attacks being created and executed by hackers and criminals on the hour – or the second,” says Amir Orad, CEO of Sisense.
Orad notes that automation and AI are helping attackers deploy old-school methods such as phishing emails with ever-greater speed and sophistication. He even expects attackers to begin using ChatGPT to create more effective phishing messages.
So if you want to fight fire with fire, as the saying goes, security automation is becoming table stakes – if it isn’t already. Automated attack methods paired with information overload – the incredible amount of incoming feeds, alerts, notifications, news, and raw data – make for an overwhelming combination when teams try to deal with it all manually.
“By the time an alert is seen and manually investigated, the fight has already begun with automated systems, on both sides,” Orad says. “This is the way things are headed and are somewhat already here.”
Along with growing use of automation by attackers, Binyamin sees the growing complexity of many organizations’ compliance requirements as one of the top drivers of security automation in 2023.
“On the compliance front, ever-more-stringent and specific regulations across industries mean there is less and less room for error,” Binyamin says.
While compliance is a separate area, it’s certainly related. That’s because, among other reasons, if you experience a security breach, an audit could soon follow – perhaps especially if it involves sensitive customer data. (This of course depends on your jurisdiction, industry, and other factors.)
Security automation can help organizations show they were taking the proper steps to protect their systems and data.
“If there’s a breach and your organization is audited, you’ll need to prove that you have the requisite security processes in place,” Binyamin says. “Automating as many of those processes as possible makes that reporting far more manageable – and should make you sleep better at night.”
Much of the above centers around strengthening defensive postures and response or mitigation in the event of an incident. But security automation can help on offense, too.
This is particularly important because in the past, Nguyen says, teams sometimes compensated for a lack of security automation by doubling down on threat hunting, the practice of proactively looking for issues that might create significant risks for the organization.
That’s a good practice in general, but according to Nguyen, many teams either lack the proper tooling, time, or experience to do it effectively in today’s dynamic IT environments – unless they embrace automation.
“Most teams are overwhelmed trying to manage alerts or notifications from their existing suite of tools that are lighting up dashboards like a Christmas tree,” Nguyen says.
To mix a metaphor with the simile: If you’re looking for a dangerous needle in an enormous haystack, wouldn’t you want a machine to help you clear the hay?
“Organizations need to start to embrace automation to identify and contextualize a threat in order to ensure the security of your network isn’t predicated on a human’s response time or skill set and orchestrate responses that can enhance a security team’s detection capabilities at scale,” Nguyen says.