We are increasingly living in an automated world. This trend is especially prevalent in the area of cybersecurity, as it has proved to be necessary when working with large amounts of machine-generated data. Time and time again, studies have shown that most breaches are caused by human error. In this year’s Data Breach Investigations Report, Verizon has identified that over 82% of data breaches are caused by human error. Whether by phishing, misuse, or error, the vast majority of data breaches are attributable to humans. In 2019, Microsoft disclosed a data breach of an internal customer support database that was left vulnerable due to server misconfiguration.
Reducing the risk of human error and intervention is the primary focus of security automation, but there are countless other efficiencies and benefits that can be named. Today, however, we want to talk about automation specifically in the context of cybersecurity tools and the overall cybersecurity process. Security teams have been automating menial security tasks for decades, whether it’s scripting the deployment of cloud resources, server backups, suspending user access upon termination, or any number of other security measures. However, these tools, AI included, aren’t magic. They require a guiding hand in furthering the cybersecurity process, and part of that strategy is deciding what tools are used and for what purpose. While we can’t automate the cybersecurity process itself, we can use automation to centralize and unify ordinarily separate security tools to gain the needed insight to vastly improve the overall cybersecurity experience.
Custom tooling considerations
One of the trickiest decisions when approaching cybersecurity automation is whether to purchase an existing solution or to automate the task in-house. For simple tasks, in-house scripting and automation is the obvious choice; why spend a thousand dollars in licensing if it’ll just take an engineer an hour or two to bang out a PowerShell script? This also comes with the benefit of having a solution that perfectly matches your requirements, at least in theory. But this calculus doesn’t scale well with complexity. As the complexity of the information system grows, so too must the scale of the solution. You can script the backup of a directory to an off-site backup system with a couple of lines in a bash script, but coordinating the continuous backup of thousands of end user devices is a much more herculean task.
This is especially true when it comes to automating the interaction between various disparate security tools since there are so many moving parts and hidden variables. When we look at automating the cybersecurity process, rather than specific menial tasks, we need to be able to tie together several distinct security tools into a single workflow that can be more effectively automated.
A competent engineer could write a small program that pulls recent vulnerability scans from a scanner’s API to create a custom report, but an update to the dependent API endpoint can always break the script. You also need to consider the future; what happens if your organization switches vulnerability scanners next year to bring down licensing costs? In either scenario, you’re left with a broken script that requires maintenance from an engineer who may not even be with the company anymore. If your cybersecurity program leans heavily on this custom tool for process automation, cybersecurity performance could suffer until a fix is found.
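Both failure modes described above, an API update and a change of scanner, are easier to contain when the scanner-specific parsing lives in small adapters that fail loudly instead of producing a wrong report. The following is an added example, not code from this article or from any vendor; the two scanners, their field names, and the sample responses are hypothetical and constructed for illustration.

```python
from collections import Counter

SEVERITIES = ("critical", "high", "medium", "low")
REQUIRED = ("host", "severity", "title")  # scanner-neutral fields (assumed schema)

class SchemaDrift(Exception):
    """A scanner response no longer has the shape the adapter expects."""

def adapt_scanner_a(payload):
    """Hypothetical scanner A: {"findings": [{"asset", "risk", "name"}]}."""
    try:
        return [{"host": f["asset"], "severity": f["risk"].lower(), "title": f["name"]}
                for f in payload["findings"]]
    except (KeyError, TypeError, AttributeError) as exc:
        raise SchemaDrift(f"scanner A response changed: {exc!r}") from exc

def adapt_scanner_b(payload):
    """Hypothetical scanner B: {"results": [{"ip", "cvss", "plugin"}]}."""
    def bucket(score):  # CVSS v3 severity bands (0.0 is treated as low here)
        return ("critical" if score >= 9 else "high" if score >= 7
                else "medium" if score >= 4 else "low")
    try:
        return [{"host": r["ip"], "severity": bucket(float(r["cvss"])), "title": r["plugin"]}
                for r in payload["results"]]
    except (KeyError, TypeError, ValueError) as exc:
        raise SchemaDrift(f"scanner B response changed: {exc!r}") from exc

def build_report(findings):
    """Scanner-independent report; rejects findings that are missing fields."""
    for f in findings:
        if any(k not in f for k in REQUIRED) or f["severity"] not in SEVERITIES:
            raise SchemaDrift(f"normalized finding is invalid: {f}")
    counts = Counter(f["severity"] for f in findings)
    return {
        "by_severity": {s: counts.get(s, 0) for s in SEVERITIES},
        "critical_hosts": sorted({f["host"] for f in findings if f["severity"] == "critical"}),
    }

# Constructed sample responses (not real scanner output).
SAMPLE_A = {"findings": [{"asset": "10.0.0.5", "risk": "Critical", "name": "Outdated TLS library"},
                         {"asset": "10.0.0.7", "risk": "Low", "name": "Banner disclosure"}]}
SAMPLE_B = {"results": [{"ip": "10.0.0.5", "cvss": "9.8", "plugin": "Outdated TLS library"},
                        {"ip": "10.0.0.9", "cvss": 5.0, "plugin": "Weak cipher"}]}
# Scanner A after a constructed API update that renamed "risk" to "severity".
SAMPLE_A_V2 = {"findings": [{"asset": "10.0.0.5", "severity": "Critical", "name": "x"}]}

if __name__ == "__main__":
    print(build_report(adapt_scanner_a(SAMPLE_A)))
    print(build_report(adapt_scanner_b(SAMPLE_B)))
```

Switching scanners means writing one new adapter, and a renamed field raises `SchemaDrift` at the point of parsing, so the break is visible before a report with silently missing findings reaches management.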
Custom tools introduce operational risk that comes with the territory of any home-brew solution. Changes in security tools, IT systems, organizational processes, or even just bad luck can cause automation downtime and significant headaches for management. The lower upfront investment may be tempting in the short term, but it rarely pays off in the long term.
Considerations for off-the-shelf solutions
When it comes to tying together several security tools, it may seem hard to go wrong with prebuilt solutions. Integrating third-party automation significantly offsets the real risk of implementing home-brew solutions as most tools are tested and integrated thoroughly, with reliable support for troubleshooting unexpected behavior and no concern for future compatibility changes. There’s a certain peace of mind that comes from knowing that the tool you have in place that ties together all of your security tools has a company behind it that stands by their product.
That’s not to say that there aren’t drawbacks, however. There are a number of tools, along with their marketing departments, that make tremendous claims when in practice their solutions are akin to fitting a square peg into a round hole. There is a chance that a prebuilt tool doesn’t quite meet every single requirement you may have, and prebuilt solutions tend to be more expensive than a homebrew solution. The increased cost may be heavily outweighed by the value it provides to your organization, but it can still be a hard sell in budgetary conversations. In exchange for a slightly higher upfront cost, you receive a more cohesive product, greater flexibility, improved reliability, and reduced risk when compared to an in-house custom solution.
CnSight is purpose-built as a modern platform to facilitate cybersecurity performance management (CPM), which directly leads to more actionable and targeted cybersecurity improvements. Strengthening your cybersecurity program from the ground up with targeted improvements has a tangible impact on the baseline cybersecurity performance of an organization, reducing risk and improving overall security. CPM encourages small, continuous improvements that foster a culture of constant growth and strong competencies in the fundamentals of cybersecurity.
CnSight is a lightweight service that integrates with just about any tool that has an API, and even those that don’t. Its value comes from its modularity and flexibility as a strategic tool used to foster a cybersecurity culture of continuous improvement and strong fundamental cybersecurity performance. TDI is leading the charge on a whole new product category in CPM.
Schedule a demo with us today to see why our customers are enjoying a more insightful cybersecurity experience.