Automating Cyber Security Incident Response: The Key to Stopping Breaches Before it is Too Late

By: Gabby Nizri

According to ongoing research conducted by the Breach Level Index, more than 3.5 million data records are lost or stolen every single day. Furthermore, the costs and ancillary damages stemming from security breaches also continue to rise. In fact, the 2016 Ponemon Cost of Data Breach report revealed that the average cost of just one security breach has risen to a whopping $4 million. Perhaps more noteworthy, however, was the study’s demonstration of a direct correlation between how quickly an organization can identify and contain data breach incidents, and their ability to mitigate subsequent financial consequences.

In terms of malicious attacks, the average time it takes to identify a security breach is around 229 days. More importantly, the time to contain said breach averages out to about 82 days. Wider adoption of things like big data, cloud computing, and hybrid network architectures also bring with them greater risk of cyber security breaches. This reality is compounded by the fact that hackers are becoming more sophisticated than ever before. There is no single technology on the market today that can stop them. And hiring more personnel isn’t the answer either. So, how can understaffed and overworked security professionals meet this ominous threat?

The key is automation. Why? Because it’s a force multiplier. When combined with quality monitoring tools, automation can tie disparate systems and applications together, providing a highly effective, closed-loop process that can improve response times by 80 percent while simultaneously reducing human errors by 90 percent (and even possibly eliminate them altogether). Will it replace the need for human workers? No – at least not yet. What automation can do, though, is augment existing personnel, allowing them to manage and protect against the ever-rising tide of threats, without increasing headcount.

Improving efficiency, saving time, and reducing errors

Let’s look at an example. The manager of a security operations team at an overseas mobile communications provider realized his team was getting bogged down with laborious manual script-writing to manage a variety of repetitive tasks in their environment. He knew their time could be much better spent focusing on other important, business-critical duties, and automation seemed like it could help free them up for that.

So the mobile communications provider implemented an IT and Security Process Automation solution. The first process it automated was a massive cleanup of disk space on more than 4,000 workstations, followed by the monitoring of the company’s main website for any service downtime or incoming virus threats. Impressed with the results, the company expanded to automate the following:

  • creation of password expiration reports and notifications;
  • daily file maintenance;
  • monitoring alerts from their SIEM-SOC and delivering them in real-time via mail and text message; and
  • monitoring virus alerts throughout the network and notifying the appropriate employees who were affected.

The manager reported that, before rolling out the automation solution, they were spending a lot of time processing manual tasks and chasing down alerts, then trying to figure out who should be handling them. Following the deployment, they stopped executing the same repetitive manual tasks over and over by automating the most critical ones. His team was able to convert most of their manual tasks into automated workflows, easily and efficiently, which not only resulted in a huge time savings, but also provided peace of mind knowing that when an alert came in, the right person was notified.
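To make the kind of workflow described above concrete, here is an added example (not code from the article or from the provider's deployment) of a small alert-routing step plus a password-expiry report. The SIEM line format, the alert-type-to-team map, the severity-to-channel rule and all account data are constructed assumptions for the illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed sample of pipe-delimited SIEM alert lines (hypothetical format).
SAMPLE_ALERTS = """\
2016-06-01T10:02:11Z|virus|host=WS-1042|user=jdoe|sev=high
2016-06-01T10:05:40Z|virus|host=WS-2210|user=asmith|sev=medium
2016-06-01T10:07:03Z|website_down|host=www-edge-1|user=-|sev=high
2016-06-01T10:09:55Z|disk_space|host=WS-0007|user=bkim|sev=low
"""

# Hypothetical ownership map: alert type -> team responsible for it.
OWNER_BY_TYPE = {"virus": "endpoint-team", "website_down": "web-ops", "disk_space": "desktop-support"}

# Constructed password-expiry data for the report function below.
SAMPLE_ACCOUNTS = {"jdoe": date(2016, 6, 10), "asmith": date(2016, 7, 30), "bkim": date(2016, 5, 20)}
TODAY = date(2016, 6, 1)

@dataclass
class Notification:
    team: str
    channels: tuple             # ("mail",) or ("mail", "sms")
    subject: str
    notify_user: Optional[str]  # affected employee to inform, if any

def parse_alert(line):
    """Split one alert line into a dict of its fields."""
    ts, kind, *fields = line.strip().split("|")
    return {"ts": ts, "type": kind, **dict(f.split("=", 1) for f in fields)}

def route(alert):
    """Decide who is told, and how, for one parsed alert."""
    team = OWNER_BY_TYPE.get(alert["type"], "soc-triage")  # unknown types go to a catch-all queue
    # High severity is paged by text message as well as mail; the rest by mail only.
    channels = ("mail", "sms") if alert["sev"] == "high" else ("mail",)
    # Virus alerts also notify the affected employee; "-" means no user was logged on.
    user = alert["user"] if alert["type"] == "virus" and alert["user"] != "-" else None
    subject = f"[{alert['sev'].upper()}] {alert['type']} on {alert['host']}"
    return Notification(team, channels, subject, user)

def route_alerts(raw):
    """Run the whole batch; one Notification per non-empty alert line."""
    return [route(parse_alert(l)) for l in raw.splitlines() if l.strip()]

def password_expiry_report(accounts, today=TODAY, within_days=14):
    """Users whose password expires within `within_days` of `today`, for the daily notice."""
    cutoff = today + timedelta(days=within_days)
    return sorted(u for u, exp in accounts.items() if today <= exp <= cutoff)
```

Already-expired accounts are deliberately left out of the expiry report, since they belong in a separate lockout workflow rather than a reminder.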
