For years the IT community has been building walls and digging moats to keep out cyber attackers. Now the focus has shifted. Rather than zero-in on outside invaders, security experts have set their sights on internal vulnerability. – Federal Times.
Automation alone can’t prevent cyber attacks. Why? “It is critical to have people standing on the wall, but someone is always going to slip through, so you do have to have your defense in place beyond that wall,” said Greg Kushto, director of security practice for IT solutions provider Force 3.
Kushto told Chris Dorobek on the DorobekINISDER program that the people factor will always be a big issue for IT professionals.
“I refer to automation as a force multiplier tool. It can’t do anything that you don’t already have the staff or the resources to do,” said Kushto. “Automation just makes it more efficient. When you’re talking about information security automation is certainly something that computers are great at, but you have to have people to actually set up the automation, direct it, tune it, and keep tuning it honestly. There really is no automated set and forget solution.”
“Digital defenders can be programmed to respond instantly to a range of attacks. When it comes to insider threats, however, IT leaders increasingly believe that human intervention is needed,” reports Federal Times.
People are here to stay.
“Automation lessens the work of sifting through a large amount of data. It makes finding the needle in the haystack problem simpler. But, you’re still going to need somebody to tell the computer or tell the security product how to look through that hay,” said Kushto.
One of the reasons that automation is only a tool and not a complete security solution is that hackers are humans – so the defense needs to be thinking like a human, too, not a computer.
“The difference between security and every other IT problem is that there’s a human being on the other end of this problem. So even once you solve whatever problem they’re trying to create, they’re going to create a different problem,” said Kushto.
Another problem with only focusing on automation is competing data sets.
“Every organization has completely different data that they’re trying to protect. If you have sensitive Word documents, or sensitive databases, they’re completely different for every person, or for every organization. The other problem is a lot of the people involved with doing security may not know what’s important,” said Kushto. “They have to work with their leadership; they’re going have to work with the CIO, they’re going have to work with other stakeholders or SES-ers within their organization to figure out what exactly does everyone agree should be protected. Automation can’t do that.”
Agencies really need to align their human and automation because the threats are getting bigger. Federal Times reports, “In a 2013 study on advanced persistent threat awareness, the industry association ISACA found that one in five security professionals reported experiencing an advanced persistent threat attack, while 63 percent said it is just a matter of time before their systems are targeted. Arbor Networks Inc.’s research found a 36-percent increase in advanced persistent threats in its most recent survey.”
“You need to be able to correlate the information between all those tools. Today you can’t just go out and buy a firewall, you also need intrusion detection, you’re going to need data loss prevention. Being able to take all the output from those tools and tie that together in a single place and compare it is really powerful,” said Kushto.