Understanding the Automator’s Dilemma in Security

Stuart Borgman


It was not my typical reading material while sitting next to the swimming pool on holiday, but the cybersecurity book @War by Shane Harris turned out to be a fascinating and easy read. It’s a recommended read in the Palo Alto Networks-sponsored Cybersecurity Canon book list, and provides insight into the evolving role of cybersecurity in warfare.

The book highlighted how cybersecurity changed government and private sector policy over a 10-year period, through 2014. Harris discusses the challenges national governments face when building a cyber defence strategy and the role vendors, service providers and enterprises must play. What’s true now, as then, is that the private sector will continue to draw the top talent as governments are unable to compete with the salaries of commercial companies.

Many enterprises have moved quickly to develop their cyber defence strategies. Financial institutions have a lot to lose in the event of a successful breach, so they have allocated large budgets to build robust and sophisticated cyber defences. Many of these companies are hiring from government agencies where knowledge and skills have been well-honed. With the right investment and skills, strong prevention strategies are being established.

But for smaller organisations, this is typically an investment they cannot afford to prioritise. Without the skills or knowledge, their risk from cybercrime is often poorly understood or left to chance. Cyber insurance attempts to fill a void and mitigate the risk, but cybercrime is unlike other forms of theft, in that you can’t simply reclaim stolen property. This is where service providers need to fill the void, both in education and in delivering cybersecurity defence strategies. For this to be effective, education needs to be simple but effective. The solution needs to be comprehensive, but not complex to consume.

Those organisations who want to build their own effective cybersecurity prevention strategy or deliver a comprehensive Managed Security Service Provider (MSSP) offering have recruitment and retention of talented cybersecurity resources high on their priority list. But having talented resources solves only part of the problem when working in a rapidly changing environment.

With all of that in mind, here are some suggestions:

  • Look to other more established industries for guidance, no matter how good your workforce. Machine control and automation ultimately become critical to managing scale and change.
  • The more dynamic the environment, the more important automation becomes. Closed loop control systems that allow critical systems to be dynamically controlled are used in most manufacturing and engineering processes. The rapidly changing cybersecurity landscape also needs automation and the benefits of closed loop control systems to be able to maintain pace with the rate of change.
  • Scaling with human talent alone can no longer keep pace. The Heavy Reading white paper – The Evolution of Security: Harnessing the Power of Automated Visibility – highlights this point.

Shane Harris in @War writes about the scale of zero-day threats stockpiled throughout the globe. These are held by governmental organisations, service providers and enterprises. The recent WannaCry malware was allegedly leaked from a government organisation and quickly used globally with malicious intent. It caused significant damage and quickly morphed into other malware such as the Petya/NotPetya ransomware. The speed of infection and rate of change made containment via manual intervention difficult.

The Heavy Reading paper highlights how quickly malware can spread. A single malware instance can spiral to more than 45,000 instances in only 30 minutes. The principle of a closed loop system is to detect and automate change. While this sounds simple, it is not without risk. Inaccurate information, such as false positives, can cause critical data or applications to be blocked. But other industries have been through these issues, and made progress toward solving them.
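The closed loop described above, detection feeding an automated response, is easy to sketch and easy to get wrong. The following is an added illustration, not code from the original post or from any Palo Alto Networks product, of the guard rails a practitioner would put around such a loop so that a false positive cannot take down a critical application: a confidence threshold with human review below it, corroboration from more than one event, a protected-network list that automation may never touch, a rate limit on how many automated changes are allowed in one 30-minute window (a sudden burst may be a worm, or may be a broken detector), and a time-to-live on every automated block so that every action reverses itself unless a human renews it. All detector verdicts, IP addresses, thresholds and the `Detection`, `Policy` and `ClosedLoopController` names are assumptions constructed for this example.

```python
"""Closed-loop response with bounded, reversible automated actions (illustrative)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Detection:
    """One detector verdict. Sample values below are constructed, not real telemetry."""
    indicator: str      # source IP the detector wants blocked
    confidence: float   # detector confidence, 0.0 .. 1.0
    hits: int           # independent corroborating events behind the verdict
    seen_at: float      # epoch seconds


@dataclass
class Policy:
    """Guard rails that stop one false positive from becoming an outage (assumed values)."""
    confidence_threshold: float = 0.9    # below this, a human reviews instead of the machine acting
    review_floor: float = 0.5            # below this, the verdict is noise and is ignored
    min_hits: int = 3                    # require corroboration before acting
    max_blocks_per_window: int = 20      # cap on automated changes per window
    window_seconds: float = 1800.0       # the 30-minute window the paper quotes
    block_ttl_seconds: float = 3600.0    # every automated block expires unless renewed
    protected_networks: List[str] = field(default_factory=list)  # automation never blocks these


class ClosedLoopController:
    """Detect -> decide -> act, with every action bounded, logged and reversible."""

    def __init__(self, policy: Policy):
        self.policy = policy
        self._protected = [ipaddress.ip_network(n) for n in policy.protected_networks]
        self.active_blocks: Dict[str, float] = {}   # indicator -> expiry time
        self.review_queue: List[Detection] = []     # verdicts handed to a human
        self._block_log: List[float] = []           # timestamps of automated blocks

    def _is_protected(self, indicator: str) -> bool:
        try:
            addr = ipaddress.ip_address(indicator)
        except ValueError:
            return False  # not an IP; protection list does not apply
        return any(addr in net for net in self._protected)

    def _recent_blocks(self, now: float) -> int:
        cutoff = now - self.policy.window_seconds
        self._block_log = [t for t in self._block_log if t >= cutoff]
        return len(self._block_log)

    def evaluate(self, d: Detection) -> str:
        """Apply the policy to one verdict; returns the action taken."""
        now = d.seen_at
        self.expire(now)
        if self._is_protected(d.indicator):
            # Critical infrastructure is never touched by automation; escalate instead.
            self.review_queue.append(d)
            return "protected"
        if d.confidence < self.policy.confidence_threshold or d.hits < self.policy.min_hits:
            if d.confidence >= self.policy.review_floor:
                self.review_queue.append(d)
                return "review"
            return "ignore"
        if self._recent_blocks(now) >= self.policy.max_blocks_per_window:
            # Burst of verdicts: stop changing things and ask a human.
            self.review_queue.append(d)
            return "rate_limited"
        if d.indicator not in self.active_blocks:
            self._block_log.append(now)  # only new blocks count against the rate limit
        self.active_blocks[d.indicator] = now + self.policy.block_ttl_seconds
        return "block"

    def expire(self, now: float) -> List[str]:
        """Release blocks whose TTL has passed; returns the indicators released."""
        released = [i for i, exp in self.active_blocks.items() if exp <= now]
        for i in released:
            del self.active_blocks[i]
        return released


def run_demo() -> Dict[str, str]:
    """Feed constructed verdicts through the loop and return indicator -> action."""
    ctl = ClosedLoopController(Policy(max_blocks_per_window=2,
                                      protected_networks=["10.0.0.0/8"]))
    verdicts = [  # constructed sample data using documentation address ranges
        Detection("203.0.113.10", 0.97, 5, 0.0),    # confident, corroborated: block
        Detection("10.1.2.3", 0.99, 9, 10.0),       # inside a protected network: escalate
        Detection("198.51.100.7", 0.60, 1, 20.0),   # weak verdict: human review
        Detection("198.51.100.8", 0.95, 4, 30.0),   # second automated block in window
        Detection("198.51.100.9", 0.95, 4, 40.0),   # window cap reached: rate limited
    ]
    return {d.indicator: ctl.evaluate(d) for d in verdicts}


if __name__ == "__main__":
    for indicator, action in run_demo().items():
        print(f"{indicator:14} -> {action}")
```

The design choice worth noting is that the controller never makes an unbounded decision: every path that is not a clear, corroborated, in-budget verdict ends in the review queue rather than in silence, and every block it does make carries an expiry, so a detector that goes wrong is limited in how much damage it can do in one window and in how long that damage lasts.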

The oil industry moved from manual to automated processes. The risks for this industry were high: incorrect control of highly combustible materials could easily result in a catastrophic outcome. But these issues were solved through accurate detection and measurement, granular controls, process visibility via human management systems and safety systems.

All industries affected by cyber threats – meaning, everyone – require accurate detection of malware, flexible platforms that can respond to change, human interfaces to both inspect and measure, and safety through high availability systems.

This is where Palo Alto Networks is investing. Our Application Framework is the next evolution in building a scalable and automated security posture. Automation should no longer be aspirational; it needs to become a standard component of any APT (Advanced Persistent Threat) prevention strategy for both large and small organisations.
