When it comes to automating information security processes, even small investments in specific areas of security can lead to big improvements, according to experts speaking in a MeriTalk webinar on Thursday.
“Incremental increases is where you’re going to get big returns,” said Paul Morris, acting CISO and acting director of the Information Assurance and Cybersecurity Division of the Transportation Security Administration. “You have to start in some part of your network, some part of your security stack, and then how do you expand?”
A November MeriTalk study found that many Federal agencies have the necessary data to deal with security threats, but not the means of adequately processing that data. Despite this, only 30 percent of survey respondents said that they are willing to invest in the automation of signature creation and distribution.
“Take those bite-sized pieces,” said Pamela Warren, director of government and industry solutions for Palo Alto Networks, adding that there are a variety of places in which a small amount of automation can make a big difference. “Any place is OK to start because it’s all toward a better ending point.”
For example, Warren described an automation initiative started by the U.K. ministry of defense that tested for latent security talent among the ministry’s employee pool, enabling them to achieve the security manpower they need without spending any more resources.
“We probably have some of the people here, but we don’t even know it,” Warren said.
Morris said that his goal is to use automation to take over the manual aspects of security so that human employees can devote their time to doing more complex work.
“I want my analysts spending 80 percent of their time thinking, not sitting there doing manual tasks,” Morris said.
Warren told MeriTalk in November that a lack of this type of automation can come at a “significant time cost,” adding “to address today’s threats and prevent successful cyberattacks, it’s imperative to automate the creation and distribution of new protections in near-real time and predict the attacker’s next step.”
According to Morris, many Federal organizations are in the crawling or walking stage of this process.
“It’s not about doing everything overnight,” said Warren. “None of this is easy, because if it were we wouldn’t be having a webinar about it.”
The Pedal to the Metal webinar is available on demand here.