Security automation is great, but don't let that fool you
- By William Jackson
- Jun 17, 2013
It is commonplace to point out that there is no silver bullet in IT security, but it bears repeating that although automating routine security processes can be a big help in protecting assets and systems, it is not a panacea.
Steve Hanna, distinguished engineer at Juniper Networks, in a recent presentation hosted by the Trusted Security Group offered a short list of caveats for implementing automated tools:
Security automation is a new technology. Tools are available, and standards to enable integrating them into an enterprise are emerging, but there often is little experience in large scale implementation across an enterprise. There also is a chance that false positives can block legitimate traffic when responses to suspected malware are automated.
Automated responses can be used against you. You don’t want to be blocked from your own network if there is a kill switch that can be accessed by an intruder.
Don’t become complacent. Don’t assume that the automated system is taking care of everything. This is your opportunity to do some more sophisticated analysis and look toward the new kinds of attacks that are coming. This is freeing you up from the routine items so that you can do more sophisticated things.
Sophisticated attacks can go unnoticed. Recognize that your automated system isn’t going to catch every attack.
William Jackson is freelance writer and the author of the CyberEye blog.