Security

How can security automation keep organizations protected?

It sometimes seems like security teams rely too heavily on “set and forget” security and don’t have enough security…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

professionals to provide human analysis and judgment. What are the risks with security automation in this regard? How can organizations take advantage of security automation, but remain protected?

The purpose of security automation is to facilitate protection, monitoring and identification of assets that would otherwise be impossible to perform manually. The operative word is facilitate — not set and forget. All software needs to be tailored for the enterprise’s unique environment and updated to maintain the level of protection and monitoring required. The key is to find the right balance where maintenance is routine, necessary and sufficient.

Once in place, these tools should generate alerts and reporting on anomalies or vulnerabilities for the security team to vet and determine if further follow-up procedures are needed to mitigate or eliminate the threats reported.

No one is void of attacks, and with the proliferation of new attack vectors introduced daily, it is foolish to believe that the security automation tool does not need further attention. Patches alone warrant some interaction from the security team, otherwise the tool would only be configured for attack signatures known since its implementation. Lack of attention would undoubtedly leave the enterprise exposed to unknown vulnerabilities and possible attacks it would otherwise be alerted of.

Some security automation tools require less maintenance than others but all should be reviewed on a periodic basis. Tools are used to ensure patches to servers and software versions are current, agents are installed and active on target devices, alerts correlate to realistic rules, follow-up procedures require proper monitoring, and remediations are timely for high risk vulnerabilities. All of these require time, research and action on the part of security team members to maintain proper protection and monitoring levels. To believe these security tools run on autopilot is not prudent.

Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)

Next Steps

Find out if the industry is ready for cloud security automation

Read more about automated security analysis of mobile apps

Discover what security automation should do for enterprises


Dig Deeper on Enterprise Risk Management: Metrics and Assessments


Source link

Tags

About the author

GG

Add Comment

Click here to post a comment

Your email address will not be published. Required fields are marked *