Chatbots, Maintenance and Monitoring: Security Automation

Last week the Identity Theft Resource Center (ITRC) unveiled its virtual victim assistant, ViViAN, to serve identity crime victims after-hours and on weekends.

Developed in partnership with the SAS Institute, an anti-fraud software and services company, and funded by a grant from the U.S. Department of Justice – Office of Victims of Crime, ViViAN will give identity theft and fraud victims a place to begin resolving their concerns while ITRC advisors are not otherwise available.

Digital Security Strategies Depend on Automation

The platform is the latest in a series of automation-enabled tools being integrated into digital security strategies, which use a combination of artificial intelligence (AI), machine learning (ML) and natural language processing (NLP).

“Automation is a must for any large enterprise. You simply cannot throw enough dollars or bodies at the current set of cybersecurity threats,” explained James E. Lee, ITRC’s chief operating officer. “Automation allows you to reduce the resources – time, money and people – spent on routine tasks so your skilled IT teams can focus on value-added tasks.”

He pointed out that automation tools benefit businesses of all sizes, and said the question is who actually deploys the automation.

“A truly small business may have very modest needs that can be satisfied by ensuring the automatic update of their OS, firewall, apps, and antivirus is enabled,” Lee said. “Businesses that outsource their security to an MSSP can get the benefits of automation via their vendor.”

Vishal Jain, co-founder and CTO at Valtix, a provider of cloud-native network security services, said that although such tools have traditionally been the domain of DevOps, many provisioning tools and automation techniques are becoming important for security teams and security architects as well.

“With the move to a cloud-first mindset, security professionals are going to have to get much more comfortable with these types of technologies and aligning their capabilities,” Jain said. “We also see NLP-based chatbots used to either automate support questions or automate common security operations workflows.”

The Sky is the Limit

He said that, for now, the biggest limitations of automation tools for security and threat management arise when traditional tools are ported to the cloud.

“This usually brings with it a cumbersome model of complex scripting that is difficult, and breaks,” Jain said. “With the skills shortage already being a problem, the sheer maintenance and monitoring required to automate security tools that weren’t meant to be automated can be a nightmare.”

He said to fully automate, enterprises need to adopt cloud-native security and threat management solutions that were built for that purpose.

Lee explained that automation is already standard operating procedure in many areas of IT security, and that will undoubtedly continue to expand; the question for today is what class of automated tools will emerge from the realignment of priorities forced by the pandemic.

“The low-hanging fruit remains the ability to quickly identify and fix bad code once in production,” Lee said. “Just like we can’t throw enough bodies at all the cybersecurity threats, we can’t put enough fingers on keyboards to write flawless code, and it’s a fool’s errand to believe we can.”

Breaking Down Cultural Barriers to Automation

He said the barriers to greater use of automation in security are more cultural than technological, but noted that this is changing.

“The generation of cybersecurity leaders taking the reins now, and those behind, aren’t wedded to the same network mentality that has dominated security teams,” Lee said. “They realize that embracing automation doesn’t mean you lose headcount. It means you free up talent to work on the problems they can’t get to today because they’re stuck performing manual tasks better suited for machines.”

That’s a perspective shared by John Morgan, CEO at Confluera, a provider of cloud cybersecurity detection and response, who said security automation is now a requirement for practically all industries and sizes of organizations.

Automation is being inserted into all phases of the application and services life cycle from early app development in a shift left strategy to testing, deployment, policy configuration, access management, detection, mitigation and response. Often, these are divided into pre-runtime and runtime integrations.

“In the last few years, we have seen a lot of innovation automating pre-runtime use cases, and now we are seeing new approaches to runtime detection and response automation with things like cyberattack graphs,” Morgan explained.

Cyberattack graphs are automatically created, and show how the attacker is moving through an environment. This new level of automation takes the place of highly skilled cybersecurity analysts that previously would have to piece together the attack progression manually.

“When done manually, creating attack graphs is an exhaustive and time-consuming task,” he said. “But when the speed of machine learning coupled with the scalability of the cloud is applied, organizations can start seeing the graph being built in real-time, as the attack is occurring and allow for immediate mitigations before damage occurs.”
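To make the attack-graph idea above concrete, here is an added example that is not from the article or from Confluera or any other vendor quoted in it. It builds a small attack graph from constructed security events (the hostnames, timestamps and technique labels are invented for illustration), then derives the time-ordered attack progression from the initial foothold. The point a practitioner would want to see is the causality check: a hop out of a host is only stitched into the chain if it happened after the attacker reached that host, so unrelated or earlier activity on the same host is not mistaken for attacker movement.

```python
from collections import defaultdict

# Constructed sample events, not real telemetry:
# (ISO timestamp, source host, destination host, technique label).
# An event whose source equals its destination is local activity on one host.
SAMPLE_EVENTS = [
    ("2021-03-01T09:00:00", "workstation-12", "workstation-12", "phishing_payload_executed"),
    ("2021-03-01T09:02:00", "fileserver-01", "backup-02", "scheduled_backup_login"),  # predates compromise of fileserver-01
    ("2021-03-01T09:04:00", "workstation-12", "fileserver-01", "smb_lateral_movement"),
    ("2021-03-01T09:10:00", "fileserver-01", "dc-01", "credential_replay"),
    ("2021-03-01T09:12:00", "workstation-12", "workstation-18", "remote_service_exec"),
    ("2021-03-01T09:30:00", "printer-03", "printer-03", "firmware_update"),  # unrelated noise
]


def initial_foothold(events):
    """Return the host of the earliest local (src == dst) event, treated here as the foothold."""
    local = [(ts, src) for ts, src, dst, _ in events if src == dst]
    return min(local)[1] if local else None


def build_attack_graph(events):
    """Adjacency map: source host -> list of (timestamp, destination host, technique), time-sorted.
    Hosts are nodes; observed host-to-host activity forms the edges."""
    graph = defaultdict(list)
    for ts, src, dst, technique in sorted(events, key=lambda e: e[0]):
        graph.setdefault(src, [])          # make sure every host appears as a node
        if src != dst:
            graph[src].append((ts, dst, technique))
    return graph


def attack_progression(events, initial_host):
    """Breadth-first walk from initial_host that respects time ordering.

    A hop from host H is followed only if its timestamp is not earlier than the
    moment H was reached, so activity that predates the compromise of H is
    excluded. Returns the chain as a time-sorted list of
    (timestamp, source host, destination host, technique)."""
    graph = build_attack_graph(events)
    first_seen = [ts for ts, src, _, _ in events if src == initial_host]
    if not first_seen:
        return []
    reached = {initial_host: min(first_seen)}  # host -> time the attacker reached it
    hops, frontier = [], [initial_host]
    while frontier:
        host = frontier.pop(0)
        for ts, dst, technique in graph.get(host, []):
            if ts < reached[host]:
                continue                   # happened before this host was compromised
            if dst not in reached:
                reached[dst] = ts
                frontier.append(dst)
                hops.append((ts, host, dst, technique))
    return sorted(hops)


def compromised_hosts(events, initial_host):
    """Set of hosts the attacker reached, including the foothold (the blast radius)."""
    hosts = {initial_host}
    hosts.update(dst for _, _, dst, _ in attack_progression(events, initial_host))
    return hosts


if __name__ == "__main__":
    start = initial_foothold(SAMPLE_EVENTS)
    for ts, src, dst, technique in attack_progression(SAMPLE_EVENTS, start):
        print(f"{ts}  {src} -> {dst}  ({technique})")
    print("compromised:", sorted(compromised_hosts(SAMPLE_EVENTS, start)))
```

In the sample data the backup login from fileserver-01 at 09:02 is dropped because that host is not reached until 09:04, and the printer's local activity never joins the chain because nothing connects it to the foothold; a real implementation would feed the same walk from streaming alerts so the graph grows as events arrive.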

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
