The Rewind: Proactive Cyber Defense and Security Automation Go Hand in Hand

This week’s Rewind focuses on proactive cyber defense, how the security skills shortage is impacting attackers, and more action in the security automation and orchestration space.

A common thread among these topics is the increasing use of security automation.

Proactive Cyber Defense

The article “Be proactive not reactive to cybersecurity threats,” published in CSO online (@CSOonline) by freelancer Kenneth Corbin (@kecorb), has some excellent insights from Rick Howard (@raceBannon99), CSO of Palo Alto Networks (@PaloAltoNtwks) and John Davis, CSO of Palo Alto Networks’ federal division. Rick and John’s key points include:

  • The security challenge is not about a cyber Pearl Harbor, but accumulated damage from thousands of cyber attacks (i.e., the “death by 1,000 cuts” view).
  • Organizations need to do more basic blocking and tackling.
  • The focus needs to be more on data breach prevention than recovery after the fact.

Todd’s Take (TT):

  • It’s important for organizations to be more proactive with cyber defense efforts. This ranges from making sure you are doing the basics (patching, vulnerability assessments, etc.) to monitoring to response.
  • Proactive cyber defense requires a combination of prevention, detection, and response capabilities that are tightly integrated and leverage automation.
  • Among cyber vendors, there is often a religious battle between prevention vs. detection and response. I believe this is driven by the traditional view of prevention which is defined as detecting and blocking threats prior to infection. Organizations should definitely look to prevent as much as possible under this construct, but history shows us you can’t prevent everything.
  • I love the key point about the focus being more on data breach prevention. This is a broader definition of prevention and is ultimately what we are all focused on doing – preventing data breaches from happening. Obviously, the earlier you detect and stop the threat along the kill chain, the better.

 

Security Skills Shortage Hitting Cybercriminals

Great article by Maria Korolov (@MariaKorolov) also in CSO online – “Cybercriminals face hacker talent shortage.” The article highlights a report from Digital Shadows (@digitalshadows) and some commentary from its new VP of Strategy, Rick Holland (@rickhholland). The gist of the article is that cybercriminals are facing the same challenges as cyber defenders in terms of hiring talent, such as malware writers, exploit developers, and botnet operators.

Todd’s Take (TT):

This makes sense. However, as sophisticated cyberattack tools become more widely available, easier to use, and automated (not to mention malware-as-a-service), less skilled people are empowered to become cybercriminals. Looking at it from the cyber defender side, organizations should look to leverage security solutions that include integrated capabilities (detect, verify, respond) and leverage automation. Leveraging automation can help not only reduce your time to detect, but also reduce your time to respond to threats. Security automation can help alleviate the challenges you are facing on the security skills front by enabling you to get more out of existing resources.


Security Automation & Orchestration Remains Hot

Speaking of security automation and orchestration, this remains a hot area as far as vendor consolidation goes. On the heels of FireEye’s recent acquisition of Invotas, last week IBM announced it was acquiring Resilient Systems.

Todd’s Take (TT):

Momentum behind security automation continues to increase and I expect this to continue. In some respects, this is a natural evolution as far as the increasing maturity of security operations is concerned. I also think it’s increasingly required to not only keep up with the furious pace of cyberattacks, but also to help alleviate pressures being driven by the security skills shortage.

- See more at: https://www.hexiscyber.com/news/hot-topics/rewind-proactive-cyber-defense-and-security-automation-go-hand-hand#sthash.pFRCFBaM.dpuf
