The security industry may at last be waking up, probably at its customers' behest, to the fact that automation is necessary to underpin a security posture that knows an organization's infrastructure is liable to be breached, and that the odds are currently very much in the attackers' favor, rather than the defenders'.
Ovum has noted that, this year, vendors are finally talking about automating the response capability in their security platforms once they have detected something. For a few years now, when asked whether they could provide automated responses such as quarantining, then removal of the offending code from wherever it has taken up residence within a corporate infrastructure, they have always replied that they could, but that clients do not want it.
The reason for this is fear of false positives. Banks do not want to upset high-net-worth customers who might be shut out from their account because the system suspects that they may be bogus. Online retailers do not want to create friction by making customers jump through extra authentication hoops unless absolutely necessary. Charities do not want to put off potential online donors because the system is worried they may actually be engaged in money laundering.
That too seems to be changing, with some real implementation going beyond just the talk of the past. Several vendors are now talking openly about extending their capabilities to automated response and remediation. Their customers are now ready to take this step, which suggests that, as they face the tidal wave of attacks with overworked and frequently understaffed security teams, they are asking their suppliers to stop the more run-of-the-mill stuff, freeing their analysts to focus on the more sophisticated, complex, and difficult-to-detect attacks. The shortage of staff and talent in security is clearly putting pressure to implement more automation where possible.
Think of it like water: you expect your utility to provide it in clean, drinkable form, leaving you to worry about whether it is hard or soft in your area, and whether you need to add a softener before you turn your washing machine on.
Straight Talk is a weekly briefing from the desk of the Chief Research Officer. To receive this newsletter by email, please contact us.