Automation cuts costs and improves productivity, and it is as important in cybersecurity as it is in manufacturing. Many labor-intensive security tasks can be automated to allow network defenders to do more in less time, including monitoring, port scanning, vulnerability scanning, and patching. There is a wide range of security tools that can be used to automate tasks to allow security teams to identify and address vulnerabilities more quickly and rapidly detect intrusions and investigate suspicious activity.
Many security tools have been created for blue team use that can save a considerable amount of time. For example, tools are available that can scan for vulnerabilities, automate mitigation, and make suggestions about recommended actions. Manually performing these tasks is time-consuming and extends the window of opportunity for hackers to exploit the flaws. A great deal of threat intelligence is available to network defenders – far too much to sift through manually. Cyber intelligence tools automate the process of checking threat intelligence and can filter out irrelevant information, allowing security teams to focus on the most serious and pertinent threats.
Security Information and Event Management (SIEM) tools are valuable to network defenders. They collect log data from applications, network hardware, and other digital assets in one place and provide real-time correlation and analysis of the security alerts those sources generate. Security monitoring and alerting tools and Network Intrusion Detection Systems (NIDS) continuously watch hosts and network traffic for suspicious activity and alert security teams as soon as a potential intrusion is detected, rather than hours or days later when logs are reviewed by hand. Automation can also help defenders rapidly inventory publicly exposed assets, identify cloud misconfigurations, and scan for excessive permissions and vulnerabilities before an attacker finds them.
Just as these tools help network defenders, hackers also use automation, which is why they are able to conduct so many attacks in such a short space of time. The Capital One data breach in 2019 exposed data from roughly 100 million credit card applications and accounts. The hacker behind that attack, an individual rather than a group, also accessed the systems of more than 30 other organizations, a scale that was only practical with automated scanning and exploitation.
Oftentimes, the same tools used by security teams for defense are used by hackers for offense. Only through automation is it possible to run huge spamming and phishing campaigns, rapidly identify vulnerable Internet-exposed systems, exploit the same vulnerability at many organizations at once, and conduct brute force attacks against accounts. For example, the AutoSploit tool takes a Shodan search term, collects the matching Internet-facing hosts, and then runs Metasploit modules against those targets automatically, so an attacker needs no manual work between discovery and exploitation. If hackers are using automation, the only way for security teams to keep up is to use it too.
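To make the SIEM-style detection described above concrete, and to show the defensive side of the brute force attacks mentioned here, the following is an added example written for this article; it is not code from HIPAA Journal, HC3, or any product the article names. It parses OpenSSH-style "Failed password" / "Accepted password" log lines, keeps a sliding time window of failures per source IP, raises an alert when a threshold is reached, and flags the case a SIEM rule most needs to catch: a success from the same IP after the burst of failures. The log lines, the 5-failures-in-60-seconds threshold, and the assumed log year are all constructed for the example.

```python
"""Sliding-window brute-force detector over SSH-style auth log lines.

Added example for this article, not code from HIPAA Journal or HC3.
The log format is modelled on OpenSSH/rsyslog output; the thresholds,
sample lines, and log year are assumptions chosen for the demonstration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed syslog-style line: timestamp (no year), host, sshd[pid], result.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample log (not real traffic). 203.0.113.7 sprays five
# accounts in five seconds and then logs in; 198.51.100.4 is a user
# who mistyped a password once and then succeeded.
SAMPLE_LOG = """\
Mar  3 10:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  3 10:00:02 bastion sshd[2102]: Failed password for invalid user oracle from 203.0.113.7 port 50124 ssh2
Mar  3 10:00:03 bastion sshd[2103]: Failed password for root from 203.0.113.7 port 50126 ssh2
Mar  3 10:00:04 bastion sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 50128 ssh2
Mar  3 10:00:05 bastion sshd[2105]: Failed password for backup from 203.0.113.7 port 50130 ssh2
Mar  3 10:00:06 bastion sshd[2106]: Accepted password for backup from 203.0.113.7 port 50132 ssh2
Mar  3 10:05:00 bastion sshd[2110]: Failed password for alice from 198.51.100.4 port 41000 ssh2
Mar  3 10:05:05 bastion sshd[2111]: Accepted password for alice from 198.51.100.4 port 41002 ssh2
"""


def parse_line(line, year=2024):
    """Parse one auth log line into a dict, or return None if it does not match.

    syslog timestamps omit the year, so the caller supplies one (assumed 2024).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: alert} for every source IP that reaches `threshold`
    failed logins within any `window`. Each alert records the accounts
    tried and whether a successful login from that IP followed the burst.
    """
    failures = defaultdict(deque)   # ip -> timestamps of failures inside window
    users = defaultdict(set)        # ip -> account names attempted
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue                # unrelated log line, ignore
        ip = ev["ip"]
        if ev["result"] == "Failed":
            q = failures[ip]
            q.append(ev["ts"])
            users[ip].add(ev["user"])
            # Drop failures that fell out of the sliding window.
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {
                    "first_seen": q[0],
                    "failures": len(q),
                    "users": sorted(users[ip]),
                    "success_after": False,
                }
        elif ip in alerts and not alerts[ip]["success_after"]:
            # A success after the burst is the highest-priority signal:
            # the attacker may now hold a valid credential.
            alerts[ip]["success_after"] = True
            alerts[ip]["compromised_user"] = ev["user"]
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG).items():
        severity = "CRITICAL" if alert["success_after"] else "HIGH"
        print(f"[{severity}] {ip}: {alert['failures']} failures from "
              f"{alert['first_seen']:%H:%M:%S}, accounts tried: "
              f"{', '.join(alert['users'])}"
              + (f", then logged in as {alert['compromised_user']}"
                 if alert["success_after"] else ""))
```

The sliding window is what separates this from a naive count: five failures spread over a working day are ordinary user behaviour, while five in five seconds are not. In a real deployment the threshold and window would be tuned per environment, and the alert would be forwarded to the SIEM or ticketing system rather than printed.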
The Health Sector Cybersecurity Coordination Center (HC3) recently published a new resource that highlights the benefits of automation and its impact on healthcare. The resource includes suggestions on some of the automation tools that can be used for defensive purposes that have a high level of automation, are easy to implement, and have good support and technical documentation. They can be used by blue teams for defense and red teams for penetration testing to mimic adversaries and identify vulnerabilities before they can be exploited. The resource also explains how hackers are using automation in their attacks, which can help security teams gain a better understanding of their adversaries.
The post Automation Can Help Network Defenders Achieve More in Less Time and Stay One Step Ahead of Hackers appeared first on HIPAA Journal.