It seems that every time we do a post on IT security, the cybersecurity threat landscape can’t get much hotter. And yet, it always does. The number of attack surfaces keeps growing. Most recently, attackers have moved beyond traditionally vulnerable sectors, such as healthcare and government agencies, to attacks on national infrastructure.
In episode 7 of our What’s the Point podcast, we talked to Paul Mazzucco, TierPoint’s Chief Security Officer, about:
- the state of security tools,
- automation in cybersecurity,
- whether Artificial Intelligence (AI) and/or Machine Learning will eventually replace human security professionals.
Watch the full interview below:
Why automation in cybersecurity?
Automation is a hot topic in security thanks to rising threat levels, from phishing attacks to ransomware. Well-funded criminal actors are using automation to increase both the number of attacks on enterprises and the sophistication of those attacks. Automation is required to fight automation.
Also read: The Next Generation of Bot Attacks
Paul recommends a zero-trust model for cybersecurity. In this model, every request to access a resource is treated as untrusted until it has been authenticated and authorized, regardless of whether it originates inside or outside the corporate network. Naturally, this approach creates a surge in the number of signals to be analyzed. No human security analyst could keep up with them unaided.
Adding automation to operational processes cuts through the noise by flagging anomalies and values that exceed set thresholds. When a threat is unambiguous, response time can be cut further by automating repetitive tasks and pre-approved responses, leaving the ambiguous cases for a human to review.
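The following script is an added example of the threshold-based triage described above; it is not TierPoint's code and is not part of CleanIP XDR. It parses constructed sshd log lines, counts failures per source address, applies two assumed thresholds (a high one that triggers a pre-approved automatic block, a lower one that opens a case for an analyst), and lets everything else through as noise. The firewall command it emits is an assumed placeholder for whatever a real playbook would call.

```python
import re
from collections import defaultdict

# Constructed sample of sshd auth log lines (not taken from any real system).
SAMPLE_LOG = """\
Jan 10 09:00:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Jan 10 09:00:01 bastion sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 50113 ssh2
Jan 10 09:00:02 bastion sshd[1203]: Failed password for root from 203.0.113.7 port 50114 ssh2
Jan 10 09:00:02 bastion sshd[1204]: Failed password for root from 203.0.113.7 port 50115 ssh2
Jan 10 09:00:03 bastion sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 50116 ssh2
Jan 10 09:00:03 bastion sshd[1206]: Failed password for invalid user oracle from 203.0.113.7 port 50117 ssh2
Jan 10 09:00:04 bastion sshd[1207]: Failed password for invalid user guest from 203.0.113.7 port 50118 ssh2
Jan 10 09:00:04 bastion sshd[1208]: Failed password for root from 203.0.113.7 port 50119 ssh2
Jan 10 09:00:05 bastion sshd[1209]: Failed password for bob from 198.51.100.50 port 41001 ssh2
Jan 10 09:00:06 bastion sshd[1210]: Failed password for carol from 198.51.100.50 port 41002 ssh2
Jan 10 09:00:07 bastion sshd[1211]: Failed password for dave from 198.51.100.50 port 41003 ssh2
Jan 10 09:00:08 bastion sshd[1212]: Failed password for bob from 198.51.100.50 port 41004 ssh2
Jan 10 09:00:09 bastion sshd[1213]: Accepted publickey for deploy from 198.51.100.20 port 41000 ssh2
Jan 10 09:00:10 bastion sshd[1214]: Failed password for alice from 198.51.100.33 port 41888 ssh2
Jan 10 09:00:12 bastion sshd[1215]: Accepted password for alice from 198.51.100.33 port 41889 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" form.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Assumed playbook thresholds; a real deployment tunes these per environment.
BLOCK_THRESHOLD = 8   # failures from one source: pre-approved automatic block
REVIEW_THRESHOLD = 3  # failures from one source: open a case for an analyst


def parse(log):
    """Return one dict per recognised auth event: outcome, user, ip."""
    return [m.groupdict() for line in log.splitlines() if (m := LINE_RE.search(line))]


def summarize(events):
    """Aggregate failures, successes and distinct target users per source ip."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for e in events:
        s = stats[e["ip"]]
        s["failed" if e["outcome"] == "Failed" else "accepted"] += 1
        s["users"].add(e["user"])
    return stats


def triage(stats):
    """Map each source ip to (action, reason) using the thresholds above."""
    actions = {}
    for ip, s in stats.items():
        targets = len(s["users"])
        if s["failed"] >= BLOCK_THRESHOLD:
            actions[ip] = ("auto_block", f"{s['failed']} failures against {targets} users")
        elif s["failed"] >= REVIEW_THRESHOLD:
            actions[ip] = ("escalate", f"{s['failed']} failures against {targets} users")
        elif s["failed"] and s["accepted"] and targets > 1:
            # Password spray that eventually succeeded: never auto-close, a human looks.
            actions[ip] = ("escalate", "failures across several users followed by a success")
        else:
            # A single mistyped password followed by success is normal user behaviour.
            actions[ip] = ("ignore", "below threshold")
    return actions


def response_commands(actions):
    """Render the pre-approved response for auto_block entries (assumed command)."""
    return [f"iptables -I INPUT -s {ip} -j DROP"
            for ip, (action, _) in sorted(actions.items()) if action == "auto_block"]


if __name__ == "__main__":
    decisions = triage(summarize(parse(SAMPLE_LOG)))
    for ip, (action, reason) in sorted(decisions.items()):
        print(f"{ip:16} {action:10} {reason}")
    for cmd in response_commands(decisions):
        print("would run:", cmd)
```

Of the four sources in the sample, only the eight-failure spray from 203.0.113.7 reaches the automatic response; the four-failure source is queued for an analyst, and the one user who mistyped a password once is correctly ignored. That split, obvious cases handled by machine and ambiguous ones handed to a person, is the division of labour the rest of this post argues for.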
Recently, there’s been some debate on the internet as to whether cybercriminals now present a greater threat to national security than state actors. In his comments, Paul reminded us that a growing number of these cybercriminals may themselves be state-backed: with nearly unlimited funds, governments can hire cyber gangs to carry out digital attacks, sowing chaos and weakening a rival nation’s infrastructure.
“The bad actors, especially state nations, they’re very well-funded. Rather than being considered a carpet bomb – we can protect against carpet bombs all day – the hackers have sniper tools that are getting more and more advanced.
They’re using advanced detection. They’re using advanced evasion. It used to be 180 days a hacker would sit in your system before they acted on it. Hackers are in and out in an hour now.”
Paul Mazzucco, TierPoint, Chief Security Officer
As for whether automation will replace the human security analyst, Paul said we should never assume the decisions we make today won’t be replaced by algorithms tomorrow. That said, cybersecurity automation tools aren’t yet a substitute for human judgment. While it’s wise to err on the side of caution, we can’t yet leave cybersecurity up to the bots. We still need qualified human analysts to configure cybersecurity automation and to assess the data produced by security technologies.
Security recommendations for small and large businesses
As usual, Paul recognizes there is no one-size-fits-all approach to cybersecurity automation and response. He recommends that all organizations, regardless of size, leverage third-party resources to help assess vulnerabilities. This helps the IT organization avoid blind spots in its cybersecurity posture.
For small and mid-sized businesses, there are free vulnerability scanning tools on the market. While these security technologies aren’t as sophisticated as the enterprise tools TierPoint uses with clients, they can help point out the low-hanging fruit to your security team.
Once again, Paul stresses that patching systems may be the most important thing any business can do to keep systems and data secure. Thanks to the increased cybersecurity threat, technology vendors are releasing patches with increasing frequency. Along with the patch, vendors also release details on the affected code so IT can determine what other systems the patch may impact. Unfortunately, this also gives cybercriminals the details they need to target businesses that don’t patch their systems promptly.
How XDR uses automation for cybersecurity
Effective cybersecurity orchestration requires more than just automated threat detection and incident response in today’s complex IT environments. Increasingly, organizations run a hybrid IT environment with a mix of on-premises and cloud-based systems. Keeping an eye on all of these systems is challenging, even for the most well-funded IT organizations.
What is XDR?
XDR (extended detection and response) encompasses IT resources across your enterprise, including servers, networks, switches, firewalls, and so on. XDR extends detection and response right down to the network infrastructure in a facility. Because XDR provides a holistic view, it can also spot anomalies that span seemingly unrelated systems.
XDR does not replace your IT staff. It can augment them with the threat intelligence tools they need to mitigate cyber risks and problem solve. But even with an XDR platform in place, staffing can be a limiting factor for many IT organizations. Cybersecurity professionals continue to be in high demand and limited supply.
TierPoint’s CleanIP XDR combines XDR’s automation and response capabilities with enhanced SOC (Security Operations Center) services to help you harden your security perimeter. Our SOC team will help you detect, respond, and remediate threats. We’ll also help you evolve your cybersecurity posture to keep up with the evolving cyber-threat landscape. Learn about the value of using XDR with an SOC.
Are you ready to use automation to protect your business?
The bottom line is that attackers are using more sophisticated methods to attack businesses. Does your business have a plan to protect vital customer data and applications? Implementing automated cybersecurity tools can help lift much of the burden from your IT staff. Read the CleanIP XDR fact sheet to see how to reduce your risks.