Do’s and Don’ts of Cybersecurity Automation
December 10, 2019
By Jerry Vasquez
Automation is key for any business on the upward trajectory of success. With emerging technologies, almost everything can be automated, including critical cybersecurity functions. In fact, automation has permeated the cybersecurity sector, particularly in the realms of access management, network change management, and identity management.
This has enabled better outcomes, including enhanced response times, lessening of human resource burdens caused by mundane tasks, and simply speeding things up.
That said, there are some do’s and don’ts of cybersecurity automation that must be considered, lest the negatives outweigh the positives.
Don’t be 100% hands off
While automation implies that things will be handled automatically, people should always stay actively involved and keep monitoring security measures. Automation is never really fully automatic (or at least it shouldn’t be), as human oversight is necessary to maintain control and to ensure security.
This means cybersecurity teams should conduct regular analysis of system logs and status reports. While automation should help to unburden skilled human workers from tedious manual tasks, this freed-up time should be spent on strategic items like identifying new vulnerabilities and taking any necessary follow-up actions as indicated by automated processes.
Do keep a finger on the pulse of vendors
While it might be tempting to let third-party vendors implement cybersecurity automation and then “set it and forget it”, it’s not recommended. Third-party vendors should be closely monitored and periodically reviewed. This includes reviewing vendor access to internal systems and networks, as that access can introduce new security vulnerabilities.
Ahead of partnering with vendors, organizations should discuss each vendor’s security policies and request a list of references for background information. Additionally, aggregating solutions under one vendor or consolidating point solutions into more comprehensive solutions can help reduce the number of third parties that have access to networks and systems.
Do create a cybersecurity playbook to guide automation efforts
Before diving headfirst into cybersecurity automation, it can be helpful to map out how your organization will implement these capabilities. This means listing out the processes you want to develop, which will require a systematic analysis. A playbook should include detailed information and guidance on conducting the analysis, a system for creating new processes, and information about roles and responsibilities at each step along the way.
This may require a revamping of the internal team and leadership structures. In any event, having your end goals — and how you anticipate reaching those end goals — documented is a big step in the right direction. It can guide your efforts and introduce accountability into the endeavor.
The cybersecurity landscape is constantly evolving and becoming increasingly complex. While security automation tools and techniques will aid companies in navigating this sometimes-rocky terrain, there are some safeguards that should be in place.
The do’s and don’ts listed above are a good starting point for some of these safeguards, which can not only improve your efforts at cybersecurity automation but also ensure that things don’t go off the rails. Staying up to speed with cybersecurity automation will be critical moving forward; however, moving too fast without the right strategy can be detrimental.
About the Author
A self-professed pirate captain with two decades of leadership experience, Jerry Vasquez has led teams ranging from 60+ cooks and chefs to 16 networking engineers, and is now Product Manager for Managed Hosting at Liquid Web.