Reduce cybersecurity risk with security automation

Cybersecurity benchmarking study identifies automation as one of 10 best practices to turbo-boost cybersecurity performance.

It’s no secret that cybersecurity has gotten much tougher in recent years. Cybercrime is booming, with a growing army of threat actors using increasingly powerful tools to exploit a wider range of weaknesses, inflict more damage, and reap bigger financial returns. Meanwhile, many cybersecurity teams are struggling, overwhelmed by skyrocketing vulnerabilities, rapidly expanding attack surfaces, and an onslaught of new threat vectors.

What’s worse, while attackers harness the latest innovations in malicious technology and tactics, many cybersecurity teams still use methods that have barely changed in the last decade. In fact, widespread practices still rely primarily on painstaking manual labor. Slow, expensive, and inefficient, manual approaches are woefully inadequate in an era of soaring threats, chronic talent shortages, and tightening budgets. Manual methods are also inexact, error-prone, and exhausting, leading to costly mistakes and high burnout.

Automation is a great equalizer, enabling cybersecurity teams to get much more done with far less effort and far fewer errors.”

It doesn’t have to be this way. A newer generation of cybersecurity solutions, such as those provided by Skybox Security, replace tedious, hands-on effort with streamlined automation. Automation is a great equalizer, enabling cybersecurity teams to get much more done with far less effort and far fewer errors. It unburdens overworked staff, reduces burnout, and improves talent acquisition and retention. It lets organizations make optimal use of limited resources in a time of economic uncertainty and constrained budgets. In so doing, automation re-levels the cybersecurity playing field, to the point where organizations can stop playing catch-up, dramatically improve their security posture, and retake control of their cyber destiny.

Report

Reduce cyber risk with security posture management

Leaders in risk-based cybersecurity go beyond NIST, applying proactive practices that significantly business reduce risk and improve the bottom line.

The decisive role of automation is made clear in a major new benchmarking study, Cybersecurity Solutions for a Riskier World . The study assessed the effectiveness of cybersecurity programs at 1,200 organizations in 16 countries, identifying practices that result in measurably better outcomes such as reduced breaches and faster incident response times. Automation is singled out as one of “10 best practices to turbo-boost cybersecurity performance.” As the report explains, “Automation helps to deliver better results. It reduces mundane work, drives efficiencies, frees up staff, and enables a more blanket approach to cybersecurity: fighting machines with machines. One CEO notes that companies are embracing automation at record levels to optimize workflows, implement changes, validate network security policies, and accelerate detection and response time.”

Automation can be applied to every stage of cybersecurity, from visualizing the attack surface to identifying and remediating vulnerabilities, ensuring policy compliance, and managing changes.

Asset and vulnerability discovery

Traditional asset discovery typically consists of a mix of manual collection efforts and various software tools like network management, vulnerability scanning, CMDB, and spreadsheets. Management of these tools and processes is often fragmented into multiple silos, with no single source of truth. In addition, these tasks are so time-consuming and labor-intensive that they only occur intermittently, ensuring that asset inventories are quickly out of date.

Similar problems plague traditional vulnerability discovery using active scanning. It’s inefficient, laborious, and riddled with gaps (between scan events) and blind spots (since many assets, such as network devices and OT systems, are impossible or impractical to scan).

Newer-generation automated solutions eliminate all of these drawbacks. They can:

  • Launch scans at frequent, customer-specified intervals (e.g., every 24 hours)
  • Use non-intrusive scanless techniques to discover assets and identify vulnerabilities in unscannable systems, eliminating the blind spots left by traditional active scanning. Combined with active scanning, these scanless techniques allow complete coverage of complex heterogeneous environments, including IT, OT, public and private cloud
  • Merge all of this active and passive scan data with asset and patch information from other sources into one consolidated view—a single source of truth
  • Generate actionable reports and notifications clearly identifying assets and vulnerabilities

All of this is automatic, providing security teams with an accurate, holistic, continuously updated picture of the attack surface and associated vulnerabilities with virtually no effort.

Smart automation helps security programs keep up with the changing threat landscape and support digital transformation initiatives. Many companies still use a manual process for security. They wait for the staff to detect a vulnerability. Then they apply the CBE patch and make sure it is working. They continue to run around in that circle.”
Ravi Srinivasan | CEO Votiro

Network Modeling, Analysis, and Simulation

The traditional way to visualize a network is to manually build a map using institutional knowledge and past maps as a baseline. It’s an arduous, costly, error-prone process that can take weeks or longer. The resulting static map is typically full of holes and is already outdated by the time it’s finished.

As described in our new white paper, Reduce cyber risk with security posture management, automated solutions like Skybox’s go much further. Instead of a static map, these advanced solutions use the information such as routing tables and device configurations collected via automatic discovery methods to construct a true, dynamic network model that reflects the connectivity and interactions on the network. The model is complete and always current, due to comprehensive, continuously updated data collection.

The model, in turn, serves as the basis for several key kinds of analysis and simulation:

  • Attack simulation: identifies potential attacks that could be used by malicious actors.
  • Path analysis: simulates network traffic to test network segmentation and uncover potential attack vectors.
  • Exposure analysis: pinpoints exploitable vulnerabilities and correlates them with an organization’s unique network configurations and security controls to determine if they’re exposed to attack. Exposure analysis is particularly vital because it can distinguish the relatively small subset of total vulnerabilities that are exposed to attack from the much larger number that aren’t. In so doing, it can reduce the vulnerability remediation workload by several orders of magnitude (from hundreds of thousands to thousands, for example).

Advanced tools can perform these analyses automatically and quickly with no hands-on labor. A manual approach would be inordinately time-consuming, taking hundreds of staff hours and monopolizing time that would be better used for prevention and response. Some types of analysis, such as exposure analysis, are so complex that they would be effectively impossible without automation.

Risk scoring and remediation

Many organizations prioritize vulnerabilities the way they always have, using risk scores generated by scanners or home-grown tools and processes (e.g., spreadsheets or databases that perform basic risk-scoring manipulation). In both cases, the scoring is usually based only on the severity (per CVSS) and general exploitability of vulnerabilities. It omits two critical variables: asset importance and exposure. The result is an inaccurate measure of actual risk and a poor basis for remediation decisions. Teams waste precious time on higher-severity vulnerabilities that present little or no risk (because they’re not exposed or because they don’t affect important assets). They also overlook lower-severity vulnerabilities that pose greater danger (because they are exposed and, when compromised, can serve as launch pads for chained attacks). Efforts to tweak scores manually to reflect organizational priorities—e.g., adjusting the scores of specific assets based on their financial impact—are too cumbersome to address more than a small fraction of the at-risk assets.

More advanced tools perform multi-factor risk scoring that takes into account not only severity and exploitability but also asset importance and exposure, providing a far more accurate and reliable assessment of relative risk. Skybox solutions can even quantify the risks in hard-dollar terms, calculating the financial impacts of potential attacks on various assets. This enables cybersecurity organizations to focus their remediation efforts pragmatically for optimal risk reduction and maximum cost-effectiveness. Risk scores are generated rapidly and automatically, saving significant time and labor. Best-of-breed tools also allow scoring algorithms can easily be tailored by customers to more precisely match granular conditions, such as the importance of assets in particular geographies or facilities.

In addition to guiding remediation efforts with high-quality risk scores, advanced tools such as Skybox’s facilitate the remediation process by seamlessly integrating into existing workflows and enabling more efficient measurement of SLAs by tracking ticket life-cycles as patches are applied and vulnerabilities removed.

Automation will become even more critically important going forward. The war for talent is tough in our discipline, and automation can help you fill in the gaps when you don’t have all of the people that you need all of the time. Automation also helps you retain talent, because they can avoid working on lower-level tasks. Work becomes less monotonous.”
Curley Henry | Vice President & Deputy CISO Southern Company

Compliance and policy management

Organizations are straining to stay compliant with a raft of new, more complex security and privacy regulations and internal policies. The difficulties are compounded by M&A activity and international expansion. Traditional “stare and compare” compliance verification, in which personnel sift through configuration files looking for violations, is a massive time sink and wholly inadequate to the scale of the task.

Modern automated solutions like Skybox’s, perform the comparison for you, ensuring that networks and devices are compliant and notifying you immediately when they aren’t. These best-of-breed tools use holistic discovery and dynamic modeling to maintain a complete and up-to-the-minute picture of the entire hybrid network environment, which is then checked against regulatory requirements and organizationally-specified policies to verify compliance.

The process is light-years faster than manual checking. For example, we’ve had customers report that they’ve shortened their firewall compliance verification cycles from many weeks to several days. It’s also far more accurate than manual checking, and it’s essentially continuous (running every 24 hours typically), helping organizations maintain compliance and audit readiness at all times.

Change management

Managing network changes has traditionally been a cumbersome, protracted procedure in which requests are meticulously vetted—to confirm that they’re necessary, to assess their security and compliance impacts, and so on—before they’re implemented. It can take many days or weeks to process a single change request, consuming many staff hours and leading to long backlogs.

New-generation tools can radically streamline the process. They can determine whether a change is needed, whether it introduces new exposures or other risks, whether it breaks compliance, or raises other issues—rapidly and without human intervention, shrinking the handling of changes from weeks to days. Automated change management likewise ensures that security protections and compliance are properly maintained even as changes are made.

Tracking and reporting

From compliance management to the boardroom, the ability to report on cyber risk and quickly answer questions that arise from internal or external incidents is a critical aspect of security operations. The usual means of creating reports—by hand, using spreadsheets—is time-consuming and requires specialized skills that are often included in job qualifications. Modern solutions like Skybox’s take all the complexity out of reporting, providing easy-to-use dashboards that enable non-expert users to easily generate and modify reports with a few clicks. Unlike traditional reports, which are static and quickly date, best-of-breed tools keep information updated so that reports stay current.

Transformative impacts

The collective impact of these improvements is enormous. Applying automation to all the above processes can eliminate countless hours of menial work and save millions of dollars annually in labor costs alone. It turbo-charges productivity and enables lean teams to manage vulnerabilities, ensure compliance, and establish a robust security posture to an extent never before possible. Automated systems reduce human error and raise quality across the board. They improve morale and reduce attrition by eliminating much of the drudgery from cybersecurity. By capturing and systematizing best practices, automated systems help preserve institutional knowledge even when people do leave.