Is Automation the Answer to Security Fears?

Technological advances have revolutionized our lifestyles, but they have yet to eliminate one of our most primal fears. While we enjoy the fruits of our online existence, we still live under the constant concern that our personal data will be compromised and fall into the hands of others.

Can our interconnected life in the cloud coexist with our right to privacy? It’s a question that continues to dog us, especially as we migrate toward 5G networks and increasingly work from home in the age of COVID-19.

With every technology we introduce to expand our reach, we create a larger attack surface for hackers to target. The coronavirus crisis has increasingly forced us to log in remotely to sensitive servers and systems, leaving us susceptible to attacks and providing a boon for cybercriminals.

The answer to staying one step ahead of them lies in automation. Our systems have simply become too sophisticated and expansive for overworked and overwhelmed humans to manage our defenses alone.

In just a matter of months in 2020, hundreds of COVID-19 domains were registered and half of them were thought to be involved in malicious activity. Hackers launched broad spam attacks, as well as highly targeted email-based phishing campaigns that preyed on people’s need to stay connected during the pandemic. This comes on top of the usual threats of ransomware, DDoS attacks or even phishing malware.

Prior to COVID-19, most companies limited employee access to critical systems to the physical office space. But now, secure connections are required from home, creating an information highway to the office that exposes individuals and their employers to a far greater degree. Remote workers have been tricked into activating malware, such as infected videoconferencing apps, that gives cybercriminals full access to their companies’ servers and systems.

In the first six months of 2019, even before the outbreak, more than 3,800 data breaches exposed 4.1 billion records, the worst year on record for breach activity and more than a 50% increase over the midyear mark of 2018. The disruptive technologies of 5G, the internet of things (IoT) and the cloud will only create more potential cyberrisks. IoT connections alone will reach almost 25 billion globally by 2025.

Automation and analytics play a key role in helping us respond quickly and proactively to threats, and to eliminate the time between detection and mitigation. Fighting the growing volume of threats requires automated operational workflows and integrated threat intelligence – all in real time.

We not only need to do more, but we need to do it more effectively. In the world of security there are a lot of false positives; most of the alerts we receive turn out not to be real threats. Even more disturbingly, real incidents will typically trip more than one system, and the attack could slip through the cracks of a human’s analysis.

Modern security operations provide us plenty of tools. But with a shortage of cybersecurity professionals to investigate all these warnings, valuable analyst time is eaten up investigating what often turn out to be false positives, while real threats carry on unabated.

That’s where a security management center (SMC) solution comes in. A security management center offers user-friendly security operations analytics and reporting capabilities, enabling operators to identify, address and intercept threats before they become breaches. By collecting and analyzing data, it can help operators form actionable insights to improve decision making and control costs and risk. SMCs also offer automation and orchestration features that connect disparate systems into a single integrated one. The cloud-native platform plugs into an existing infrastructure to counter attacks and radically reduce threat dwell time, human-powered tasks and response time.

Such a security automation service allows analysts to prioritize risks and automate their security operations according to specific attack surfaces and business operations, reducing the cost of labor for repetitive actions.

All this is tricky enough in dealing with individual servers. But what about an interconnected city, in which hacking into one sensor could provide a gateway to thousands of others?

Given the crisis, there is a dire need to relieve the pressure on security teams by automating threat detection and response. Adaptability, speed, integration and automation are the crucial features of an efficient 5G security and response system. These include building a strong network, securing smart devices and employing a zero-trust protection framework.

Essentially, we have increased the complexity such that we need to apply machine learning and automation to address the new risks that we created by making these services available.

In a digital world composed of smart cities, power grid companies and critical infrastructure in health, police or government, we need tailored threat intelligence to make sure these systems can continue to operate safely and without interruption. Only artificial intelligence can guarantee that.

Typically, the more convenience you provide people, the less secure they will be. What automation does is allow us to keep the convenience while still staying safe. To do that, and protect every possible entry point, we need the help of machines.

Aron Heller

Aron Heller is the lead writer and editor for Nokia's Cloud and Network Services, where he tells the story of technology and the people behind it. He was previously the long-time Jerusalem correspondent for The Associated Press and an adjunct journalism professor and sports broadcaster. Aron has covered ten Israeli elections, four Mideast wars, dozens of other major world events and has been dispatched on assignments across five continents. A certified baseball coach and umpire, Aron has also been known to cite obscure quotes from cult comedy films.