The Future of Cyber Security Defense: Make Way for Bots
By Carl Herberger, VP Security Solutions, Radware
This summer, the SEC indicted a group of 32 hackers and rogue stock traders for hacking into various Newswire services and stealing press releases before they were publicly released. They earned north of $100M from insider trading. This scheme worked for more than five years because the newswires were unable to detect the hacks.
Similarly, in 2013, the Twitter account of the Associated Press was hacked and false reports of an explosion in the White House injuring President Obama caused a temporary tumble in the stock market. This is evidence of a core issue that relates to the dangers posed by future attacks: the manipulation of information that resides on media platforms that are viewed as credible sources. Casting false reports on websites or via social media accounts can cause a level of mayhem and endanger those who consume the news through these channels.
Current technology shifts have changed what leaders of news organizations have come to expect from IT and have also disrupted many commonly accepted security models. These changes have resulted in complications for newsroom security professionals dealing with different operating environments and have also contributed to a loss of visibility to the overall business picture. News organizations need to have the ability to detect threats with high accuracy in one location and react to those revelations in all operating environments in real time. They can then orchestrate changes to the affected systems quickly and universally.
Information is power and newsrooms need to invest in strong protocols and shore up their defenses in order to protect the information they report to the public. Credibility and reliability are mainstays of the media and it is important to ensure neither is tarnished. The need to secure the network infrastructure of news organizations is paramount, and unfortunately, time is not on their side.
So what does the perfect security model look like?
In short, the front lines of information security will not include humans. As defenses continue to succumb to an endless barrage of attacks and an almost immeasurable onslaught of new attack techniques, the notion of humans being able to deploy detection technologies and choreograph responses in real time will fall away. In essence, human interaction with cyber defense will be seen for what it currently is: imperfect and unreliable in the face of attacks that are largely automated and mostly reliable, if not perfect. It will be the fall of human cyber security defenses and the rise of the cyber botted-defenses.
Although bots are indeed the future, there is a caveat: the design and the caretaking or break-fix of information security will still require human intervention, but many of the activities of current security professionals will be overcome by automation. This refers to the operational and key critical functions of information security as we know it today. The following aspects will quickly be replaced by bots, which are focused on superior value delivery within these main areas:
- Network and application security
- Cyber attack mitigation
- Incident response
- Disaster recovery
- Identity and access management
Why and how, you might ask?
First, let’s come to agreement that compelling economics will always trump human objections as a core principle. If it is cheaper and perhaps more effective, organizations will switch to automation, such as a computer, a process, or a bot.
Now, why is automation better? It’s really simple: people cost money and are ubiquitously insecure. Let’s first take the costs of people in terms of both overt and covert costs, overt meaning dollars and cents and covert referring to how security professionals can contribute to insecurity.
Cost of security professionals: dollars and security
- Accidents, including those being socially engineered
- Carelessness, including incorrect configuration and misdiagnosis of security problems
- Unavailability: people must sleep, take vacations, have time off
Conversely, automation will:
- Decrease insurance costs
- Reduce liabilities
- Mitigate risks
- Improve security and corporate policy compliance
Information security problems have been largely defined by nefarious bots usurping the controls put in place by modest and imperfect security departments unable to match the detection quality or mitigation speed needed to meet these highly crafted automated bots. These bots have proven themselves so effective that they have taken tolls on careers, finances, and the existence of companies themselves. As the costs rise and the concerns reach a crescendo, business executives are being met with newer and newer technologies designed to handle the threats in an ever-increasing automated fashion. As a result, these automated ‘white-hat’ bots will slowly ebb the tide of hiring security professionals and then move quicker to replace headcount as they prove themselves more effective and cheaper than the heads they replace.
So, what areas are most ripe for quick replacement by ‘bots’? Well, it’s anyone’s guess, but companies are spawning all over the startup world with automated solutions to the following security problems, which can have the effect of no longer needing headcount:
- Compliance: The days of spreadsheets and attestations give way to portals and self-reporting.
- Security Vulnerability Testing: Does anyone believe that vulnerability assessments still need to be heavy-handed and personalized, and that these activities can’t be not only more automated but also conducted more frequently with better results?
- Incident Response: These processes today are fraught with the latency of human interaction and vulnerable to fast-moving attacks which take advantage of the human decision-making loop, which is too slow to keep up with automated attacks.
- Governance: In the future, corporate policies will be fed into tools which constantly monitor the work environment for violations in an automated fashion.
- Security Operations: This area is already under assault as there is decreasing value associated with people watching detection technology and providing escalations. These roles will soon find themselves integrated into automation and orchestration software programs which can quickly and automatically react to attacks. One need only look to Netflix’s Simian Army or Amazon’s use of AWS to see great examples of how this will work going forward.
Rest assured, the future of security is not bleak for the security professional who understands how to put in place this automation and orchestrate and fix white-hat botted problems. However, if you are a security “wrench-turner,” your wrenches are soon to be pixelated. If you are a modern-day newsroom, the faster you migrate to a high-quality, agile detection and mitigation environment which can be customized and self-healed, the better for your continued success.