The COVID-19 pandemic has impacted organizations worldwide. Many were forced to transition their entire workforce to remote environments seemingly overnight, while others had to scale down their workforces through furloughs or layoffs. These changes have led to numerous challenges for security operations centers (SOCs). It remains critical that SOCs have a full understanding of the environment that they are monitoring. But with such drastic changes in a short period of time, it has been exceedingly difficult to keep up with a remote workforce and the evolving threat landscape.
Many security teams are unable to staff up to the levels necessary to monitor and respond to every threat because of the growing cybersecurity skills shortage, while others have been affected by budget cuts that have inhibited their ability to hire more workers. Introducing and/or increasing the use of automation in the SOC is one way to counter this growing problem.
Many organizations have implemented a security orchestration, automation and response (SOAR) solution to execute security-related tasks automatically as a way to free up staff to focus on more advanced threat defense. While it won’t solve all of your problems, automation is one of the most efficient and effective ways to scale your team and decrease your organization’s security risk during this unprecedented time.
Report Finds Increase in Automation Adoption with Remote Working
According to a recent Enterprise Management Associates (EMA) report, How Automation and Orchestration can Help Bridge the IT Security Skills Gap, “…IT security teams are relying on the automation delivered through SOAR and other security technologies like never before… 94% [of respondents] reported that their SOAR platforms were either very or extremely valuable in enabling security teams working remotely to coordinate security workflows.” The study also highlighted that, with the dramatic increase in remote working, SOC teams are taking significantly longer and finding it much more difficult to perform vulnerability scanning on endpoints and to deploy patches and updates.
With an increase in remote collaboration both among SOC employees and across the organization as a whole, the study also reported a rise in the quantity and types of files being shared, which only increases the organization’s security risk. These file types range from images and media to documents and emails, with the latter posing the greatest security risk to organizations, according to the report. It is becoming increasingly important for organizations to find easier and more efficient ways to monitor and secure information sharing among their employees.
Popular Security Automation Use Cases
Although phishing is one of the most common use cases for automation and typically one of the first completed during a SOAR implementation, the report identified many other ways that automation is being used in organizations during the rise of remote work. EMA asked respondents to select the top three activities that offered the greatest value in productivity improvements made possible through automation. Although results varied depending on the organization’s size, leading responses included automating vulnerability remediation and automating patch management.
Our customers and partners have also indicated that these two use cases are increasingly popular right now as unpatched and misconfigured hardware, applications, security stacks, systems, endpoints and cloud services can result in massive security breaches via open ports, configuration settings and unpatched vulnerabilities. A SOAR solution can automate vulnerability scans and assist you in making sense of vulnerability reports, so information is more easily accessible and human usable. In fact, a SOAR solution like Swimlane can automatically add important contextual data by leveraging prior scan results, analysts’ notes, and known and accepted risk elements. This provides your SOC with a more efficient way to proactively see, prioritize and remediate vulnerabilities across your IT ecosystem.
We all know that the pandemic has changed, and will continue to change, how all organizations operate, but it is vital that the SOC continues to evolve. Threats are only increasing and changing in this new environment, and automation is a critical component of staying on top of, and hopefully ahead of, bad actors. To learn more about how automation can enhance your SOC during these unpredictable times, download EMA’s How Automation and Orchestration can Help Bridge the IT Security Skills Gap report today.
*** This is a Security Bloggers Network syndicated blog from Swimlane authored by Sydni Williams-Shaw. Read the original post at: https://swimlane.com/blog/staying-ahead-of-pandemic-related-cybersecurity-threats-with-automation/