The Case for CSP Automation


Would you walk from San Francisco to Los Angeles or take a flight? Both methods will get you there, but only one is practical. AI and automation bring the same practicality to IT operations, says Tala’s Sanjay Sawhney.

Imagine having to develop a Content Security Policy (CSP) for a website with 20k URLs, spread across 20 applications using different frameworks/technologies, developed by a globally distributed team. And half of the developers who built this site are gone. You need an accurate policy that gives the highest level of security without breaking any functionality of the website. But what if this site changes five times a month? How do you reflect those changes in an updated policy? Maybe you’re brave enough to put 4-5 resources on chasing all the application teams to develop a reasonable policy.

Now you’ve managed to develop a good CSP, but you get millions of violations daily. How do you differentiate between false positives, noise triggered by browser extensions/ISP modifications, and real attacks? Once you’ve figured out how to deal with this, you have to tackle this for the 300 other websites your company owns (internal sites, subsidiaries, acquisitions).

This is where AI and automation come in. To deal with this trifecta of scale, dynamism and completeness/accuracy, you have no choice but to automate.

This is a scenario where automation can help you do something that just isn’t humanly practical. Humans err; automation doesn’t. Automation can get you quick results when humans take far too long.

Are you flying to LA or walking?



*** This is a Security Bloggers Network syndicated blog from Tala Blog authored by Sanjay Sawhney, Co-Founder and VP of Engineering. Read the original post at: