April 9, 2018
That’s according to a new report by McAfee. It includes a survey of 300 senior security managers and 650 security professionals in public-sector and private-sector organizations with 500 or more employees in the United States, United Kingdom, Germany, France, Singapore, Australia and Japan.
The growing threat landscape, and cybersecurity skills and talent shortage, are driving automation as an essential ingredient in fighting cyberattackers, according to McAfee. By pairing human intelligence with automated tasks and putting human-machine teaming in practice, automated programs handle basic security protocols while practitioners have their time freed up to proactively address unknown threats.
Grant Bourzikas, McAfee’s chief information security officer, tells us that automation increasingly is going to play a role in overall cybersecurity.
“New technology into the industry typically beats the new threat actors; it doesn’t become a problem until there’s enough widespread adoption, and once that adoption hits, the attackers start to target and then it loses its effectiveness,” he said. “We’ve seen this over time with companies that are the hottest new thing, and then all of a sudden a threat actor can beat the software. So I think one of the key things is the ability to roll and stay current with software. So how do we automate that [more easily]? How do we automate patching? How do we automate configuration? How do we automate identity and access controls? Those are going to be very core things.”
According to the survey:
Eighty-one percent believe their organization’s cybersecurity would be safer if it implemented greater automation.
One-quarter say that automation frees up time to focus on innovation and value-added work.
Nearly one-third (32 percent) of those not investing in automation say it is due to lack of in-house skills.
And automation isn’t necessarily about saving money, Bourzikas said.
“Security changes so quickly that it takes a lot of time to learn about it, and how do we stay ahead of the next attacker? It’s really an automation and a CI (continuous improvement) exercise — what could we have done better?” he said. “Where I think we are on this skills shortage is if we can automate, it will allow us to start to overcome some of the work that’s on us so we can focus on the higher-value stuff. The cloud is a good example. With the movement to the different cloud providers, how we automate those repeatable processes to build out environments quickly is a very key message in doing it fresh.”
Most organizations say they are already using some form of automation in their cybersecurity processes; however, much of that appears to be at a very basic level and automation is not being used as effectively as it could be, with a lot of room for improvement, according to McAfee. For example, use of automation is still relatively low for key cybersecurity tasks such as identifying all locations of a threat (29 percent), correcting and remediating threats (33 percent), detecting threats across some of the IT architecture (33 percent) and threat containment (36 percent).
Gamification, the concept of applying elements of game-playing to non-game activities, is growing in importance as a tool to help drive a higher performing cybersecurity organization, McAfee says. Within organizations that hold gamification exercises, hackathons, capture-the-flag, red team-blue team or bug bounty programs are the most common, and almost all (96 percent) of those that use gamification in the workplace report seeing benefits.
According to the survey:
More than half of respondents report that using games increases awareness and IT staff knowledge of how breaches can occur.
Forty-three percent say gamification enforces a teamwork culture needed for quick and effective cybersecurity.
Three-quarters (77 percent) of senior managers agree that their organization would be safer if they leveraged more gamification.
“With cybersecurity breaches being the norm for organizations, we have to create a workplace that empowers cybersecurity responders to do their best work,” Bourzikas said.
Bug Bounty Programs Revisited
In a recent column, we looked at bug bounty programs, in which companies like Bitdefender and Kaspersky Lab offer rewards for finding and reporting software bugs so they can be fixed before cybercriminals exploit them. Barracuda Networks also wanted to weigh in on how its bug bounty program is helping it battle cybercriminals.
Dave Farrow, Barracuda’s senior director of information security, tells us the initial program, launched in 2010, was managed internally and was started to “show our support for the burgeoning bounty movement.” He calls the hackers that help his company “researchers.”
“In 2014 we partnered with Bugcrowd to manage researcher relations and to allow us to focus internally on vulnerability management and remediation,” he said. “The researchers participating in the program bring a set of experiences and skill sets to our product-testing process that is very different from our internal product quality assurance and extend our test coverage in a very cost-effective way.”
Farrow said most of the researchers he’s dealt with personally have appreciated the opportunity to partner with Barracuda to make its products – and the internet in general – a better place.
“We periodically run into researchers that are unhappy with something about the program, but they are in the minority,” he said. “I think it’s a testament to the community that I’ve developed personal friendships with a number of the researchers who have contributed to our program. They are, in general, a great bunch of folks.”
Attivo Beefs Up Deception and Response Platform
Attivo Networks has enhanced its ThreatDefend platform designed to deceive and reveal attackers that have bypassed perimeter security. It has added counterintelligence functionality to help companies identify the specific data attackers are seeking, as well as geolocation services that indicate where the documents are being accessed.
The platform’s new DecoyDocs feature provides the ability to plant deception files that allow the organization to conduct data loss tracking (DLT) on documents that have been exfiltrated. By embedding a tracking call-back function into a document, the solution provides information about what was stolen and where an attacker opened the file, whether inside or outside of the network.
Carolyn Crandall, Attivo’s chief deception officer, tells us the platform provides new opportunities for partners by providing them with an active security defense based on prevention, detection and response capabilities.
“The solution does not replace existing prevention infrastructure, but instead closes the in-network detection gap and provides tools to reduce dwell time, accelerate attack analysis, and reduce incident response time,” she said. “The functionality of counterintelligence is a new conversation that partners can have with customers in order to help them strengthen their overall defenses. Now, in addition to threat and adversary intelligence that can be gathered by deception technology on an attack — counterintelligence can be added to better understand the types of documents being targeted.”
Partners can offer deception-based threat detection as a mechanism for building an active defense for customers across all industries, Crandall said.
“Resellers specializing in IoT, ICS (industrial control system) or POS can now offer early detection for network devices that have been historically difficult to secure,” she said. “Partners selling to legal, technology or entertainment industries can now also promote this counterintelligence solution as a means to understand if their customer is being targeted on a particular case, patent or other IP theft.”
SecurityFirst Updates DataKeep Data-Centric Security Offering
SecurityFirst’s latest DataKeep offering allows customers to use low-cost and scalable storage located on premises or within cloud environments without losing data security and privacy. Additionally, new commands for existing file and volume data protection agents combine to help mitigate ransomware attacks.
Key DataKeep product enhancements and benefits include: expanded enterprise-level control and capabilities; a low-cost storage alternative to premium cloud storage, disk or tape storage; the ability to copy, move, restore or conduct an encrypted full or incremental backup of files; and increased resiliency and improved data loss prevention.
Jim Varner, SecurityFirst’s president and CEO, tells us the offering “opens up a whole new selling opportunity for companies looking to expand with low-cost storage in a secure manner.”
“Most IT teams agree that object storage is both cheaper and infinitely scalable versus file- and block-based alternatives, but are reluctant to begin using it for security concerns,” he said. “The DataKeep Object Store Agent closes that gap by allowing organizations to protect both on-premises and cloud-based S3 compatible object storage with a FIPS 140-2 certified solution, regardless of how big they become. It’s perfect for migrating infrequently accessed or archived data — including backups via the DataKeep file and volume agents that can double as a remedy for ransomware.”