We’ve mentioned it in many past articles, but unfortunately for Target, its massive 2013 breach has become the poster child for poorly executed security incident response. Investigations revealed that the retailer’s security tooling raised multiple alerts about the malware infection; those alerts simply weren’t acted on as they should have been, and we all know how that ended for the retail giant. But what does this mean for other businesses? Should you be worried about becoming the next ship to sink at the hands of attackers?
The answer lies in the harsh reality of cyber-attacks. According to a recent report by threat detection vendor Damballa Inc., a typical organization faces an average of 10,000 security events each day, and some larger firms see upwards of 150,000. The report also found that most of the companies surveyed are dealing with nearly 100 infected machines on any given day. Given numbers like these, it’s easy to see why breaches slip through: there simply are not enough trained analysts to review that volume of events by hand.
Since hiring enough additional analysts isn’t a viable option for most businesses, the practical answer is to incorporate IT Process Automation into the security incident response process. In fact, 100% of the participants in the Damballa survey agreed that automating manual incident response tasks is the key to managing security needs moving forward.
One step many enterprises have already taken is deploying a security information and event management (SIEM) system. That is certainly a good place to start, but relying on the SIEM alone will likely leave a business more exposed than it realizes. Damballa’s CTO, Brian Foster, describes it this way: “With SIEM, you’re getting partial pictures of an elephant, but never the entire elephant.” A great deal of analyst time is also lost to false positives and to whittling down which alerts truly require attention.
Foster’s recommendation is a more comprehensive approach: introduce IT automation into the incident response process itself. The goal is not just to pinpoint the legitimate alerts, but to do so early enough to be proactive. An enterprise that folds IT Process Automation into its security incident response strategy, and can handle incidents so that they are contained before they develop into a real problem, will have succeeded.
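To make concrete what “automating manual incident response” looks like in practice, here is an added example of a small triage pass (not code from this article, from Damballa, or from any product). It takes a day’s worth of raw alerts, collapses duplicates, drops a known-benign source, correlates what is left by host into incidents, and decides which incidents a human should be paged for and what containment step to queue. The alert fields, severities, the suppression list, the scoring rule and the escalation threshold are all assumptions made for the example; the sample alerts are constructed.

```python
"""Added example: automated alert triage of the kind the article argues for.
Alert format, severities, suppression list, scoring and threshold are
assumptions for illustration, not a vendor's or the article's logic."""
from collections import defaultdict

# Constructed sample alerts: one day of SIEM output for a small estate.
# Field names (host, rule, severity) are assumed for this example.
SAMPLE_ALERTS = [
    {"host": "pos-17", "rule": "malware.beacon", "severity": 8},
    {"host": "pos-17", "rule": "malware.beacon", "severity": 8},   # exact duplicate
    {"host": "pos-17", "rule": "new.service.installed", "severity": 6},
    {"host": "pos-17", "rule": "outbound.ftp.large", "severity": 7},
    {"host": "ws-042", "rule": "av.signature.update.failed", "severity": 2},
    {"host": "ws-042", "rule": "av.signature.update.failed", "severity": 2},
    {"host": "scanner-01", "rule": "port.scan.internal", "severity": 5},  # authorised scanner
    {"host": "ws-101", "rule": "login.failed", "severity": 3},
]

# Known-benign (host, rule) pairs: the authorised vulnerability scanner
# trips the internal port-scan rule every night. Assumed for the example.
SUPPRESS = {("scanner-01", "port.scan.internal")}

ESCALATE_SCORE = 15  # assumed threshold at which an incident pages a human


def dedupe(alerts):
    """Collapse identical (host, rule) alerts into one, keeping a hit count."""
    seen = {}
    for a in alerts:
        key = (a["host"], a["rule"])
        if key in seen:
            seen[key]["count"] += 1
        else:
            seen[key] = dict(a, count=1)
    return list(seen.values())


def suppress(alerts):
    """Drop alerts from sources already judged benign."""
    return [a for a in alerts if (a["host"], a["rule"]) not in SUPPRESS]


def correlate(alerts):
    """Group alerts by host; an incident's score is the sum of the
    severities of the distinct rules that fired on that host."""
    incidents = defaultdict(lambda: {"rules": [], "score": 0})
    for a in alerts:
        inc = incidents[a["host"]]
        inc["rules"].append(a["rule"])
        inc["score"] += a["severity"]
    return dict(incidents)


def triage(alerts):
    """Full pass. Returns (escalated, backlog): incidents a human must
    look at now, and lower-scoring ones left for routine review."""
    incidents = correlate(suppress(dedupe(alerts)))
    escalated = {h: i for h, i in incidents.items() if i["score"] >= ESCALATE_SCORE}
    backlog = {h: i for h, i in incidents.items() if i["score"] < ESCALATE_SCORE}
    return escalated, backlog


def plan_actions(escalated):
    """Queue the containment steps a runbook would take for each escalated
    host. Action names are assumed; a real system would call its
    orchestration API here rather than return strings."""
    actions = []
    for host in sorted(escalated):
        actions.append((host, "isolate-host"))
        actions.append((host, "page-on-call"))
    return actions


if __name__ == "__main__":
    esc, back = triage(SAMPLE_ALERTS)
    print("escalate:", {h: i["score"] for h, i in esc.items()})
    print("backlog: ", {h: i["score"] for h, i in back.items()})
    print("actions: ", plan_actions(esc))
```

On the constructed input, eight raw alerts become three incidents, and only the point-of-sale host whose beacon, new service and large outbound transfer line up crosses the threshold; the two low-severity hosts stay in the backlog and the scanner disappears entirely. That is the “whole elephant” point from the quote above: no single alert on pos-17 would have been worth a page, but the correlated picture is.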
IT Process Automation also saves a company a great deal of wasted human capital. According to the 2013 Ponemon Institute report, it takes IT personnel an average of 90 days to discover a security breach manually, and once a breach is discovered, four months or more to actually resolve it. With the right technology in place, time to discovery can be cut to about a day. As a result, an organization can realize a reduction of approximately 8,633 “man-days”. That’s a compelling statistic.
Obviously, not everything can be automated; human judgment will always be needed to some degree. But by building automation into a strong security incident response plan, your business will be far better equipped to deal with the many security challenges it will inevitably face moving forward.