Save money and improve network security through automation
- By Eric Stuhl
- Apr 05, 2019
When an agency’s network is attacked, the security response is often a manual process. A team of analysts collect information from several separate tools to contain, divert and investigate the attack. This process takes time and resources and, ultimately, costs the agency a great deal money.
Agencies can improve their network security and, at the same time, increase efficiency and cost-effectiveness by automating their security responses.
Reduce down time
Connecting several security tools with a policy engine so they work as a unified whole is a good step toward automating network security. For example, when a vulnerability scanner detects an issue, the policy engine would take that vulnerability report and act on it by inserting a firewall rule or isolating the infected device. Then a security agent can investigate and identify the compromise and the attack vector and remediate the device.
This automated response will kick in at any time, even if an attack occurs at 3 a.m. The automated system reduces the response time from hours or days to minutes or seconds, minimizing the damage of an attack. A shorter response time leads to a more stable network with less down time, which in turn saves money.
Save money through consolidation
Another way automating network security saves money is by allowing agencies to consolidate tools that perform similar functions. With a cloud migration, legacy tools may no longer be viable or valuable, and automated processes and controls might be required.
As technology evolves, features and functions that were once unique services are getting rolled into core devices. In the past, for example, a security network might have had a firewall, an intrusion prevention system, a proxy, server and anti-malware and virus detection software. In today's firewalls, all those capabilities are included as core functions. As a result, many of these separate resources can be eliminated, and the maintenance, licensing, and investment can be redirected into additional controls or processes that are more relevant.
Maximize investments in people
An automated response also increases accuracy by removing the risk of human error. Humans make mistakes -- machines don’t. A consistent policy across all devices will provide the same response every time instead of a different level of action based on who is responding. An automated response can also generate consistent reporting of steps taken and their results -- information that can help increase efficiencies in the future.
Replacing humans with machines for some tasks will certainly reduce the risk of error, but people are still a vital part of any agency. Attracting and retaining the best team members will save an agency the cost of turnover, training and other human resources-related expenses. Finding skilled security professionals can be a challenge in today’s market, so it’s important to get the most out of each team member. Automating security responses can free up employees who are currently installing security policies and controls and put them into more forward-thinking, proactive roles. This reallocation will provide a greater return on investment, and it will give team members work that is less repetitive and more meaningful.
Moving to an automated security system can be daunting. It takes time to properly set up the policies and consolidate tools, but agencies don’t have to do it alone. A partner can help with policy generation, the outline of a customized automation process and building a secure migration strategy. A network security partner can also ease the transition by building in a monitoring phase to show how automation will operate before implementation. This allows security administrators some time to get comfortable with the process and understand how those changes would impact the network.
And, as a final step, agencies must implement measurement and reporting processes to understand the impact automation has made on the stability of the environment and, ultimately, their mission.
Eric Stuhl is director of enterprise networks and security at Force 3.