IT Solutions Blog | Technologent

Beat Security Automation Threats with an Automated Response

Written by Technologent | May 8, 2017

Advanced Persistent Threats (APTs) lurk on the network, silent and discreet, awaiting the opportunity to steal data without anyone knowing it until a damaging amount of data has already been hijacked.

APTs often arrive as a zero-day threat, with no warning. When they strike, they strike; the damage is done.

IT Security is never predictable. It's important that we utilize security automation to its fullest capabilities.

As one hole is closed, a cadre of hackers invents a new means of opening and exploiting other holes. Increasingly, hackers are doing their dirty work through automated bots.

Bots are typically zombie computers that have been infected with malware that forces them to do whatever a cyber criminal wants them to do. 

For example, one security firm discovered GiftGhostBot, an automated attack that travels all day and all night on the networks of retail firms, robbing consumers of gift cards loaded with credit. GiftGhostBot can strike any website, from a luxury catalog to a coffee purveyor.

This is a prime example of the new cyber security threat gig in town. Automated threats are striking, stealing data and doing damage faster than organizations can respond.

So, what's an IT security manager to do?

IT leaders are accustomed to manual incident response (IR). A human being disarms the attack, implements damage control processes, and gets things back to normal. This is a cumbersome practice when bots attack.

Manual intervention is no match for the automated threat. After all, IT teams can barely keep up with everyday workload in a go-go IT world where technology and security requirements are rapidly changing.

If you can't beat ’em, join ’em. That seems to be the next step in combatting automated bots. Strike back with automated IR. Robotic process automation makes it possible for firms to launch automated scripts, or bots in reverse, to respond to security incidents as a human being would.

Automation accelerates IR and provides the scalability to keep up with growing volumes of bot attacks.

Without automation, security teams must pore over thousands of alerts in order to weed out false positives and negatives and prioritize response.

Automated IR tools take over these routine, labor-intensive tasks, making it more feasible to combat the risk posed by automated bots.

Automated threat detection uses artificial intelligence (AI) and machine learning to solve more complex problems.

Rather than relying on threat “signatures,” these cognitive automation tools analyze data in real time to spot suspicious behavior. While it’s not possible to fully automate this process, cognitive tools provide valuable decision support that helps humans respond quickly to security events.

Now is the time to be as automated as possible when it comes to security.

According to Symantec's security threat report, there was a 125 percent increase in zero-day attacks in 2016. Nearly 75 percent of websites still have unaddressed vulnerabilities. With the advent of bots, this risk is greatly increased. 

The best defense is a good offense. A wise preemptive strategy is to seek help in implementing automated IR and threat detection to match the risk of automated attack.