One of the biggest challenges with cyber security is that it’s a problem that cannot simply be solved by spending more money. A great example is the infamous Target incident from 2013. The retail giant had invested a significant amount into security, and had a number of impressive measures in place (as most large enterprises do). Unfortunately, as we all know, those fancy bells and whistles were not enough to protect against the compromise of some 70 million customer records (40 million of which included credit card numbers). This is where SOC automation can be immeasurably beneficial, and here’s why.
First, what can we learn from the Target debacle? After the massive breach, much research and analysis was conducted to determine where the vulnerability was and how it was exploited. It turns out the hackers' point of entry was the point-of-sale terminals, all of which, coincidentally, had multiple types of malware installed on them. In fact, Target's monitoring system successfully detected the breach when it first occurred, but no action was taken. Why? Because the sheer volume of incoming alerts was simply too much for the human operators at the helm to handle.
While Target’s story may have taken over the headlines (and cost the firm both financially as well as reputationally), it’s really not that uncommon. In fact, these types of situations occur almost daily with other commercial and even governmental organizations, regardless of size or industry. And while the tools in place to monitor incoming threats may be getting more effective, without the right strategy in place, it’s not enough to keep an organization safe. In fact, 36% of security breaches still take several days to be discovered. 27% take weeks or even months. Imagine the damage that could be done in that amount of time!
Many security professionals are struggling to find a way to shorten the time between detection and remediation. SOC automation can dramatically reduce this timeframe, mitigating potential damages (such as what happened to Target). The way it works is relatively simple, yet highly effective. In a traditional SOC, when an operator receives an alert, he or she has to initiate the next steps manually. This can be time-consuming and incredibly error-prone. When these actions are automated, the process is much faster and more accurate. This speeds up response time and minimizes errors with little to no human intervention required.
Automated incident response is also an attractive option from a cost standpoint, since most SOC automation tools are compatible with, and can be integrated seamlessly into, a wide variety of existing systems and applications, providing a centralized security platform that offers greater visibility and control. This essentially extends and enhances the ability of other systems and creates a closed-loop process, minimizing the gap between detection and remediation and establishing a much more solid defense against would-be attackers.
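To make the "alert fires, nobody acts" failure and the closed-loop alternative concrete, here is an added example (not code from the original article or from any vendor product) of a minimal automated triage loop: raw alerts are aggregated into cases so that volume does not swamp the queue, cases with a matching playbook are actioned automatically, everything else is escalated to an analyst, and the detection-to-action latency is recorded. The alert data, rule names, playbook table and the `isolate_host` / `open_ticket` actions are all constructed placeholders standing in for real EDR and ticketing integrations.

```python
"""Added illustration of an automated SOC triage loop (hypothetical, not a
real product API). All alerts and actions below are constructed."""
from datetime import datetime

# Constructed sample alerts: one malware rule firing on several terminals
# (twice on the same host) plus one low-severity noise alert.
SAMPLE_ALERTS = [
    {"ts": "2024-01-15T10:00:00", "host": "pos-101", "rule": "malware.memory_scraper", "severity": "high"},
    {"ts": "2024-01-15T10:00:05", "host": "pos-102", "rule": "malware.memory_scraper", "severity": "high"},
    {"ts": "2024-01-15T10:01:00", "host": "pos-101", "rule": "malware.memory_scraper", "severity": "high"},
    {"ts": "2024-01-15T10:02:00", "host": "ws-007", "rule": "auth.failed_logon_burst", "severity": "low"},
]

# Hypothetical playbook table: which automated actions a rule is allowed to trigger.
PLAYBOOKS = {
    "malware.memory_scraper": ["isolate_host", "open_ticket"],
}


def run_action(action, host):
    """Stand-in for the EDR / ticketing integration call; returns an audit string."""
    return f"{action}:{host}"


def triage(alerts, now_iso):
    """Collapse raw alerts into (host, rule) cases, then dispatch playbooks.

    Each returned case records the actions taken (or 'escalate_to_analyst' when
    no playbook applies) and the seconds between first detection and action."""
    cases = {}
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a["host"], a["rule"])
        case = cases.setdefault(key, {"host": a["host"], "rule": a["rule"],
                                      "severity": a["severity"],
                                      "first_seen": a["ts"], "count": 0})
        case["count"] += 1  # repeated firings become one case, not more queue
    now = datetime.fromisoformat(now_iso)
    for case in cases.values():
        # Only high-severity cases with a defined playbook are auto-actioned.
        actions = PLAYBOOKS.get(case["rule"]) if case["severity"] == "high" else None
        case["actions"] = ([run_action(act, case["host"]) for act in actions]
                           if actions else ["escalate_to_analyst"])
        first = datetime.fromisoformat(case["first_seen"])
        case["latency_s"] = (now - first).total_seconds()
    return list(cases.values())


def summarize(cases):
    """Count how many cases were handled automatically versus escalated."""
    escalated = sum(1 for c in cases if c["actions"] == ["escalate_to_analyst"])
    return {"automated": len(cases) - escalated, "escalated": escalated}


if __name__ == "__main__":
    for c in triage(SAMPLE_ALERTS, "2024-01-15T10:03:00"):
        print(c["host"], c["rule"], c["count"], c["actions"], c["latency_s"])
```

In a real deployment the latency figure is the metric to watch: it is exactly the detection-to-remediation gap the article says automation is meant to close.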