When Cyber Resilience Lags IT Exploits, Automation is the Answer

Rekha Shenoy

CEO, BackBox

Trying to pinpoint where security and IT leaders struggle with cyber resilience doesn’t always come down to technology. Sometimes it’s a matter of mindset—rethinking our approach to cyber resilience to embrace automation when the world in which we operate is changing rapidly and network teams are overloaded.

Modern networks consist of corporate, industrial, on-prem, and cloud networks. The move to digital transformation and remote work has added exponential complexity. We’re continuing to evolve and scale our networks, making them even more complex as we introduce AI. More than half of CEOs say they already use generative AI to increase efficiency.

As our networks move at light speed into the future, so do our security challenges. For example, threat actors exploit vulnerabilities faster than ever because they are using AI to help discover the latest exploits. In 2023, the average time to exploit vulnerabilities was 44 days, but in 25% of cases, exploits were available on the same day, and 75% were exploited within 19 days.

Meanwhile, how we maintain, remediate, and secure our networks has not kept up with today’s reality.

Network engineers are already overworked trying to evolve networks to support new IT initiatives, so they are forced to manually tackle tasks that build cyber resilience during nights and weekends. They are making configuration changes and updates one device at a time, with no reliable and efficient way to figure out what vulnerabilities really matter to the organization and therefore need to be addressed immediately. When an attack happens, they cross their fingers and hope the backup will restore to a known and trusted state.

As IT leaders, we are leaning in to growing our infrastructure to support the needs of the business, while our approach to building cyber resilience—managing security and compliance policies to mitigate risk—is completely out of sync.

Time for automation

Why are teams working so hard, yet cyber resilience remains a struggle? Because we aren’t leveraging automation.

According to new research from EMA, only 18% of network automation initiatives are a complete success. There are many reasons for this, but ultimately, it comes down to trust. We are using automation to help with monitoring and alerting, particularly during off hours, which is foundational to cyber resilience. But the actual work of maintaining devices and remediating is where there’s a reluctance to automate.

Tackling the trust issue

Despite our best efforts, we can do better to mitigate risk from today’s cybersecurity attacks. Let’s overcome the trust issue with a strategy that includes enterprise-grade automation that supports the following best practices for cyber resilience:

Backup and restore

An automation solution should provide backup and recovery that goes beyond taking a simple backup and keeping the previous version in case of a glitch. You also need backup validation, notifications of any failed backups so they can be run again, and a central repository with complete version history and everything else required so you can restore to a trusted state quickly.

Configuration checks

Research on over 900 ransomware incidents from 2023 indicated that 28% of organizations had issues related to network segmentation or improperly configured firewalls. Leveraging automation, you should be able to audit configurations of all your devices, find out what changed, and reconfigure devices so they are groomed back into compliance with your organization’s standards or industry best practices.
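The audit described above, sketched as an added example (not code from BackBox or from the original article): it reports what changed between a device's last trusted backup and its running configuration, then checks the running configuration against a policy of required and forbidden lines. The IOS-style configs, the hostname and the policy lists are constructed sample data.

```python
import difflib

# Constructed sample data: last trusted backup vs. current running config.
BASELINE = """\
hostname edge-fw-01
no ip http server
ip ssh version 2
snmp-server community s3cr3t-ro RO
access-list 101 deny ip any any log
"""
RUNNING = """\
hostname edge-fw-01
ip http server
ip ssh version 2
snmp-server community public RO
access-list 101 permit ip any any
"""
# Hypothetical organisational standard: lines that must / must not be present.
REQUIRED = ["no ip http server", "ip ssh version 2"]
FORBIDDEN = ["snmp-server community public RO",
             "access-list 101 permit ip any any"]

def changed_lines(baseline, running):
    """Return (removed, added) config lines relative to the trusted backup."""
    diff = list(difflib.unified_diff(baseline.splitlines(),
                                     running.splitlines(),
                                     lineterm="", n=0))[2:]  # skip ---/+++ header
    removed = [l[1:] for l in diff if l.startswith("-")]
    added = [l[1:] for l in diff if l.startswith("+")]
    return removed, added

def audit(running, required=REQUIRED, forbidden=FORBIDDEN):
    """Return (kind, line) findings for every deviation from the standard."""
    present = {line.strip() for line in running.splitlines()}
    findings = [("missing", line) for line in required if line not in present]
    findings += [("forbidden", line) for line in forbidden if line in present]
    return findings

if __name__ == "__main__":
    removed, added = changed_lines(BASELINE, RUNNING)
    print("removed since backup:", removed)
    print("added since backup:  ", added)
    for kind, line in audit(RUNNING):
        print(f"{kind:9} {line}")
```
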

Vulnerability management

There’s a mountain of work involved in correlating CVEs to the device manufacturer, the device type, the device version, and the firmware version. And then you still don’t have the context to understand if the CVE is being actively exploited and if it is a high priority for you. What’s more, CVEs are just one source of vulnerabilities. You must also track information from your device vendors, websites, and other sources. All of that can be automated so you can track more than CVEs, score vulnerabilities with context to help prioritize remediation, and then automate remediation.
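The correlation and context scoring described above, as an added example (not code from BackBox or from the original article): advisories are matched to an inventory by vendor, model and firmware version, then ranked with a score that accounts for active exploitation and exposure. The inventory, advisory IDs, severities and weights are all constructed placeholders.

```python
# Constructed inventory and advisories; every name, ID and score is a placeholder.
INVENTORY = [
    {"host": "edge-fw-01", "vendor": "vendorA", "model": "FW-500",
     "firmware": "7.2.3", "internet_facing": True},
    {"host": "core-sw-02", "vendor": "vendorB", "model": "SW-48",
     "firmware": "15.1.0", "internet_facing": False},
    {"host": "branch-fw-07", "vendor": "vendorA", "model": "FW-500",
     "firmware": "7.4.1", "internet_facing": True},
]
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "vendor": "vendorA", "model": "FW-500",
     "fixed_in": "7.4.0", "severity": 7.5, "exploited": True},
    {"id": "ADV-EXAMPLE-2", "vendor": "vendorB", "model": "SW-48",
     "fixed_in": "15.2.0", "severity": 9.1, "exploited": False},
]

def ver(s):
    """Parse a dotted version so comparison is numeric ('7.10.0' > '7.4.0')."""
    return tuple(int(p) for p in s.split("."))

def score(adv, dev):
    """Base severity plus illustrative weights for exploitation and exposure."""
    s = adv["severity"]
    if adv["exploited"]:
        s += 3.0
    if dev["internet_facing"]:
        s += 1.5
    return round(s, 1)

def prioritize(inventory, advisories):
    """Return (score, host, advisory id) for affected devices, highest first."""
    findings = []
    for dev in inventory:
        for adv in advisories:
            if (adv["vendor"], adv["model"]) != (dev["vendor"], dev["model"]):
                continue
            if ver(dev["firmware"]) < ver(adv["fixed_in"]):  # still unpatched
                findings.append((score(adv, dev), dev["host"], adv["id"]))
    return sorted(findings, reverse=True)

if __name__ == "__main__":
    for s, host, adv_id in prioritize(INVENTORY, ADVISORIES):
        print(f"{s:5} {host:14} {adv_id}")
```

With this sample data the actively exploited issue on the internet-facing firewall ranks above the advisory with the higher base severity, and the already-patched firewall drops out.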

OS updates

The update process should include automated pre- and post-checks, so you have visibility into what needs to be updated, confirmation that the update was applied and validated, and notifications of any failures that need to be addressed. Automated backups should bookend the update process for added peace of mind.

Multi-vendor support

Most network environments consist of devices from multiple vendors: different firewalls, switches, routers, and more. It’s hard to find enough people with the advanced skill set to manage this complexity manually. It’s important to be able to automate all the above functions for different device types from different manufacturers at the same time.

The good thing about embracing automation is that there’s no need to hire more people or wait for new emerging technology to be developed. Automation has evolved over the last decade to a point where we can have complete visibility and confidence in the work being done so we don’t have to do it manually.

It’s time we started trusting automation in a space that’s the last bastion for manual work so that cyber resilience is in sync with the evolution of our networks. And in the process, our network engineers will have more time to spend on value-added activities, like the additional network complexity coming our way.
