Why Cyber Hygiene Automation is Key to Mitigating Risk
CISOs know that mitigating risk to maintain cyber hygiene often turns into a game of whack-a-mole. A threat emerges, the threat is mitigated — only for the next threat to emerge. It’s almost impossible to get to 100% effective mitigation but, of course, a consistent approach helps.
Cyber hygiene is critical. Preventative measures, quick diagnosis, and fast action mitigate a large proportion of the security threats out there. The threat spectrum is continuous and fast-changing. It’s tough for time-pressured security teams to keep ahead.
Staying on top of emerging cyber threats requires a strategic view. In this article, we explain why we think that automating threat mitigation as much as possible allows security teams to focus on a more proactive, strategic approach to cyber hygiene.
A complex and fast-evolving cyber threat picture
In a recent article, the Microsoft Threat Protection Intelligence Team highlighted how the COVID-19 outbreak has changed the threat landscape. According to Microsoft, malicious attackers take a very cunning approach to exploiting remote working — it’s not just a matter of new remote endpoints and looser security arrangements.
Microsoft’s Detection and Response Team found that damaging exploits were preceded by an attack made months prior. According to Microsoft, “Attackers had infiltrated target networks and then waited silently to monetize their attacks by deploying ransomware when they thought they would see the most financial gain.”
The report from Microsoft underlines how security teams need to look beyond known attack vectors. It points to a more strategic approach: security teams must consider how and where new threats will emerge.
So, do CISOs and their teams have the time or the energy to think about potential, unknown security threats?
The short answer is: not really. In practice, most IT teams are entangled in the nitty-gritty of threat mitigation. Responding to threats, managing tickets, isolating compromised endpoints… it never ends. If there’s any time left, teams may get down to preventative maintenance through patching and securing.
So, on the one hand, IT teams rarely have the time or focus to practice watertight cyber hygiene. On the other hand, there is little spare time and cognitive capacity to think about potential threats. Forget about preparedness strategy sessions or anything like that — teams are just too busy fighting fires.
Cyber hygiene — aided by automation
The fewer fires there are to fight, the less time is wasted fighting them, and the more time there is to plan and act strategically. Effective cyber hygiene tightens matters up so that attackers have fewer opportunities.
The difficulty lies in ensuring continuous, uninterrupted cyber hygiene. Automating as much as you can is a key step. Here are three ways automation facilitates cyber hygiene:
1. Automate detection, quarantine and response measures
Automated scanning tools can rapidly detect threats by analyzing application and network behavior. It’s particularly pertinent now that many companies have a user base that works remotely: more unmanaged devices are used across a growing number of unknown networks.
Automated scanning is just the first step. It’s critical to automatically quarantine any application or device that gets flagged. Doing it manually is not good enough, because any delay is an opportunity for hackers.
Instead, choose a solution that integrates threat detection and network access control. The result: a threat is quarantined the moment it is detected, allowing your team to respond — without a significant risk developing.
Timesaving, preventative automation operates on other layers too. For example, you can install tamper protection to prevent attackers from interfering with security measures. According to the Microsoft Threat Protection Intelligence Team, another good strategy is an account lockout policy that stops repeated, failed login attempts.
2. Deploy cutting-edge firewalls and penetration scanning
We’re all aware of the buzz around automation and machine learning (ML) — how ML can detect the newest, most cunning of threats. Cutting-edge network and web application firewalls that deploy ML can do much of the hygiene legwork on your team’s behalf.
That is also true for penetration testing and scanning. Advanced tools consistently identify new and emerging vulnerabilities on your networks, delivering an actionable and prioritized report that helps your team to mitigate the most serious and most urgent threats to your cyber hygiene first.
Also, look out for cloud-based tools that pool machine learning knowledge to boost automation capabilities. This informed, continuous-scanning approach protects your technology estate against a wide range of new and emerging threats. It will do so requiring less of your team’s precious resources — resources that can be spent more strategically.
3. Automated patch and update management
According to a Tripwire survey, one out of three breaches is the result of a vulnerability that was not patched on time. Clearly, regular patching is important, but in practice, it is common for patch management to be a leaky process.
Patching engineers are sometimes unaware of everything that needs patching and struggle to patch consistently. Besides, patching often involves disruption as some patches may break configurations by restoring default settings. The net result is imperfect patching. A single critical missed patch is all it takes for a successful breach.
Worse, patch management detracts from more value-added threat management activities. After all, applying patches is a routine exercise that requires a lot of technical skill and time.
Automating patch management not only frees up a significant amount of time for security teams; it also ensures thorough, end-to-end patching that ends up being far more protective than manual processes, which are inevitably ad hoc in nature.
The threat landscape has predictable and unpredictable elements
Experienced CISOs know where the most common cybersecurity threats lie. A security expert worth their salt will effectively mitigate these known, predictable threats. However, too often, security teams get stuck dealing with known and predictable threats. It’s the same for their supporting team too: endless hours invested in watching, patching, fixing.
We’re confident that automating as many of these routine measures as possible can help security leaders and their teams ensure more consistent cyber hygiene. Besides, with less time spent on routine measures, teams can turn their attention to proactive measures.
After all, even the most hygienic security regimes can fail against the unpredictable. Frankly, C-level security staff and their teams need headroom: time to consider novel threats and to build a strategy for comprehensive threat mitigation.
Security automation is more effective than manual intervention, but the biggest value of automation lies in giving IT teams breathing space to think strategically about the threat landscape and plan accordingly.