Automation revolutionized the car manufacturing industry decades ago, because it is ideally suited to replace manual repetitive tasks. Today, other sectors, such as construction, are adopting automation too. Bricklaying is a perfect example. A robot named SAM can now lay bricks 500 times faster than a human can. This will drive down cost and reduce delivery times with little human involvement. It is easy to see why automation is an aspiration for many.
In our domain, cybersecurity professionals defending businesses from cybercriminals are involved in an ever-developing cat-and-mouse game (see the latest Terrifying Cybercrime and Cybersecurity Statistics & Trends). Security teams must adapt to new and alternative attacks. The traditional methods of perimeter defense and monitoring that are predicated on manual processes do not scale well in the era of cloud computing and connected devices/things. Manual steps that have been in place for years, and that often were not worth the effort to automate, will haunt cybersecurity teams as they become unsustainable.
So, it should be no surprise that using automation to address security issues at scale will increase. Automating security also ties into building resilient systems. Automating repetitive security processes, integrating fully into the IT and development infrastructure, and breaking down barriers between data silos will help cybersecurity teams: 1) better preserve their security posture; 2) mitigate the damage of longer response times; and 3) free up headcount from tactical activity to focus on longer-term strategic initiatives.
So where do we support automation in the Micro Focus cybersecurity portfolio?
- Automation is the fundamental value proposition for NetIQ (NetIQ collateral assets). We automate most of the identity life cycle. NetIQ can automate the provisioning and de-provisioning of accounts based on policy, workflows and identity type. It can automate governance attestations and automate the synchronization of changes across all managed identity stores. It can automate AuthZ and AuthN step-up authentication based on activity and risk type and can automate how AuthZ and AuthN work based on geolocation. It can automate the policy creation for Windows, Azure, Linux, Unix, and non-domain joined devices as well as automate the recording of privileged activities for compliance and auditing purposes.
- For Access, the most significant point of automation is the ArcSight Intelligence (formerly Interset) plug-in for the NetIQ Risk Service. Increasingly, IT security teams are discovering that they can’t count exclusively on risk rules, because it doesn’t take long before the rules become unwieldy. The ArcSight Intelligence plug-in is a way to leverage the strengths of unsupervised machine learning to pick up where the most basic rules end.
- ArcSight SOAR helps cybersecurity teams improve their efficiency. See how to Speed Up Security Operations with ArcSight SOAR. We also have three great videos to check out on the subject: ArcSight SOAR: Business Resiliency through Extreme Automation, a Showcase Demo and a First Look at ArcSight Security Orchestration Automation and Response (SOAR).
- ArcSight Intelligence automates the discovery of the unknown unknowns with unsupervised machine learning. Traditional analytics, like database queries using SQL, is all about finding information based upon known queries. Unsupervised machine learning lets the data tell its story without explicit human guidance. Check out this white paper, Machine Learning and Advanced Analytics to Address Today’s Security Challenges.
- There is an increasing trend toward automation to keep up with the velocity of development. Have your AppSec specialists/SE share with your customers how we integrate/automate AppSec testing into their CI/CD pipelines and dev tool chains. Here is an overview on how we accomplish Seamless Application Security: Security at the Speed of DevOps. Or you can get more specific with our cloud (Azure DevOps, AWS), ScanCentral (SAST, DAST), or Fortify on Demand (FOD) capabilities.
- Audit Assistant leverages past audit decisions to power machine learning assisted auditing that can dramatically reduce auditing effort. Fortify R&D is working with the Interset team to explore ways of making our current offering even better in the future.
- Voltage File Analysis Suite (FAS)
  - Automate the discovery and analysis of unstructured data through AI-powered analytics. Highly scalable SaaS file analysis provides continuous data discovery, tagging, context-aware analytics, and collaboration across unstructured repositories and file shares such as Exchange, Office365, Teams/SharePoint Online, cloud stores, and more. Here is a good summary on the Voltage File Analysis Suite.
- Voltage SmartCipher
  - Built-in file monitoring and alerting, with automated discovery of files during creation, in use, or at rest, and file classification, give enterprises broad control and protection over sensitive files. You can find more in our SmartCipher Data Sheet.
  - Enables integration with automation, workflow, and third-party products such as DLP, and lays a foundation for a framework approach, since it integrates with the Voltage portfolio products for unstructured data (e.g., integrations with FAS and SecureMail).
- Voltage Structured Data Manager (SDM)
  - Automatically discovers sensitive data across all structured repositories, active and inactive. Customers can reduce risk and time by automating the way they discover sensitive data. Customers can then protect discovered sensitive data with SecureData.
  - Automates the archiving or retirement of data while preserving its business value and meeting the desired access requirements.
  - Automates recovery from failures during archive runs by archiving complete transactions and built-in job recovery capabilities, no matter how many tables are involved.
  - Moves, validates, and deletes inactive data from applications through an automated process that delivers significant savings in database maintenance.
  - Here’s What’s new for SDM.
- Voltage SecureData
  - SecureData cloud integrations (AWS, Azure, and GCP) natively support data-centric protection workloads triggered and executed across AWS Lambda, Azure Functions, and Google Functions, enabling enterprises to run data protection functions as-a-service (FaaS), for data ingestion, storage, visualization, and other native cloud services. With Voltage SecureData, enterprises can safely use the power and scale of cloud services without compromising security or privacy of data. Here’s a white paper on Voltage SecureData Cloud and an on-demand webinar on SecureData Cloud support.
As you can see, we have lots of security automation today in our portfolio and there’s more to come.
We also need to recognize that while security automation has benefits, it is not a quick, fix-all solution. Automation will never fully replace human intuition and expertise. You will also find folks who are still resistant to automation, whether it’s over concerns about causing operational incidents or potential loss of headcount as processes become more efficient. However, I believe that the volume, velocity, shortage of skilled resources, and cost drivers will inevitably force the issue. We will need to make our processes more efficient and resilient.