ANALYSIS Offsetting Asymmetry With Automation


In the security world, there is a truism that defense (protecting systems) is harder than offense (breaking into systems) because it’s an asymmetric playing field. The bad guys need only find one path into an environment — one place where everything hasn’t been done exactly “just so” and perfectly — while those charged with securing that environment need to protect against intrusions everywhere they have a technology footprint.

It doesn’t stop there — the asymmetry is apparent in other respects as well. For example, a large percentage (if not all) of a company’s staff members go home at night. They may not watch the environment as closely on the weekends or on holidays. Attackers, on the other hand, can operate from wherever, whenever (be it 5 p.m. on Friday or 2 a.m. on New Year’s Eve), and they can target any place in an environment or even multiple places at once.

There are situations that compound this effect. For one, data suggests there is a skills gap among security professionals. For example, 55 percent of the organizations responding to a recent survey said that it took them at least three months to fill open security positions, according to ISACA’s State of Cybersecurity 2017 report.

For 32 percent of enterprises, it took six months or more. Likewise, 37 percent of those surveyed said that fewer than one in four candidates had appropriate qualifications for the positions they wanted to fill.

The point is, there’s an unevenness about security — as a discipline — that makes it asymmetric and therefore difficult to do well and consistently. This unevenness is compounded by challenges in acquiring staff and acquiring tools, and the fact that the threat landscape is evolving constantly.

This in turn means that organizations — and the security and assurance practitioners that support them — need to up their game in terms of how they approach security if they intend to level the playing field. It means, in short, that they need to automate.

Why Automation?

One strategy that organizations can use to help offset some of the inherent asymmetry in keeping technology secured is to make extensive use of automation to support security practices.

Why automation? There are a few reasons. First, there is the obvious one. To the extent that you can automate a task, you can “cheat the resource curve.” That means if you’ve automated a task, you don’t need boots on the…