Automation: Helping Speed Vulnerability Response

Automation can help organizations respond to vulnerabilities faster and improve their security posture

Enterprises across the globe are recognizing the benefits of automation. From streamlining HR’s onboarding process to automating IT help desk tickets, employees today can focus less on manual, mundane tasks and more on strategic work that adds value and drives business results.

Unfortunately, and somewhat surprisingly, not every team has figured automation out—even some teams that could desperately use the technology.

In fact, according to a 2019 survey of 3,000 security professionals conducted by ServiceNow and the Ponemon Institute, threat intelligence, incident response platforms and security automation are the preferred tools for improving vulnerability response, yet less than half of respondents (46%) use this technology.

This is a problem, considering the ongoing challenges associated with cyberattacks. The same study found that the volume of cyberattacks jumped 17% from 2018 to 2019, and it takes an average of 16 days to patch a critical vulnerability after it has been detected. What’s more, 50% of respondents said the window of time to patch a vulnerability has decreased over the past two years.

Simply put, companies have less time to patch vulnerabilities, but the patching process is taking longer than ever.

It’s Not for Lack of Trying

Year over year, more resources are being spent on vulnerability response. On average in 2019, organizations spent $1.4 million annually on vulnerability management activities, an increase from $1.16 million in 2018. But IT security teams still struggled to respond to and mitigate attacks quickly. This tells us that despite the time, money and effort going into vulnerability response, organizations are not being efficient with their patch management processes.

Today, as hackers continue to outpace organizations, security teams must improve their security posture, but it takes more than training employees to identify and report phishing scams. It’s critical that a security team is able to detect, respond to and patch vulnerabilities quickly. This is easier said than done.

Sixty percent of respondents from the ServiceNow and Ponemon study agreed that IT security teams are spending more time navigating manual processes than responding to vulnerabilities, resulting in bottlenecks and backlogs in the patching process. And over half (52%) agreed that using manual processes for vulnerability response puts their organization at a disadvantage.

Automation Can Transform Vulnerability Response

When asked about the steps employees thought their organization would take to improve patch management, almost half (45%) said automation. This was followed by an increase in IT security staff (40%). Unfortunately, only 44% of respondents said their organizations are currently using automation to assist with vulnerability management and patching.

Employees on IT security teams recognize the benefits of automation, but they still haven’t figured out the most impactful ways to leverage the technology.

Automation Reduces the Time to Respond to Vulnerabilities

It’s critical, however, that security teams figure this out quickly because the benefits are broad.

Automation, according to organizations that use this technology, reduces the time to respond to vulnerabilities. Eighty percent of organizations that use automation said they can respond to vulnerabilities in a shorter time period. In addition, automation helps teams reduce downtime, patch in a timely manner, prioritize the most critical vulnerabilities and increase the efficiency and effectiveness of the IT staff.

Wrapping It Up

Sixty percent of respondents from the 2019 Ponemon study said that attackers are outpacing enterprises with technology such as machine learning and artificial intelligence. While this is a 5% drop from 2018, the number should still motivate organizations to embrace automation.

By adopting automation for vulnerability response, IT security teams will not only be able to improve security posture but also be able to focus on more critical work—and prevent future breaches in the meantime.


Barbara Kay

Barbara G. Kay, CISSP, is Senior Director of Security Product at ExtraHop. She brings years of experience in threat intelligence, data analytics, machine learning, and security product strategy. She focuses on the needs and opportunities for reinventing security operations and the Reveal(x) product line. Prior to ExtraHop, she led security operations market research and product strategy for McAfee and was responsible for the threat intelligence and analytics solutions, as well as the security information and event management (SIEM) Platform. Before McAfee, her consultancy helped innovators including Cisco, McAfee, Websense, Good Technologies, and Netgear. She has also served as Director of Security and Privacy Marketing for Sun Microsystems and led marketing efforts for several multimedia and software development tools startups. She recently was a featured speaker at Interop ITX and is a frequent contributor to online publications and blogs and holds a BA from Dartmouth College.
