Automation tools needs to be tuned to risk scenarios

Posted on 12-09-2018 by Sijmen Ruwhof

Juniper Networks released an e-book about security automation and analytics, in which I also participated:

From Sijmen Ruwhof’s perspective, the complexity of today’s IT environments has made an ethical hacker’s job easier than ever. “I break into systems for my customers, with permission of course,” he says. “I report on all the security vulnerabilities I find and advise customers in how they can protect themselves against hackers.” In his view, there are two essential parts of a cybersecurity strategy. One is monitoring, detection, and remediation. The other is vulnerability testing. This is true whether you are trying to repair a breach that has already occurred or prevent one from occurring in the future. “You need to see what’s going on, analyze traffic, and look for discrepancies with normal traffic,” Ruwhof explains. “You also need to search for vulnerabilities. Vulnerability testing finds and closes holes. Monitoring detects exploits of holes that have not been found.” He emphasizes that these two go hand in hand. Some tools even allow you to feed security testing results directly into your security-monitoring solution so that you can correlate vulnerabilities to actual monitored traffic and network activity. For instance, if a security alert indicates a file server may be under attack, and this correlates with a vulnerability identified by the testing tool, chaining these two together enables much faster insight and response, and fewer false alarms. Automation plays an essential role when processing data from multiple tools and sources. It enables systems to identify important data while eliminating redundant information much more quickly than humans. Using a security information and event management (SIEM) product to consolidate and correlate data from various testing and monitoring tools requires analytics, machine learning, and automation, but it takes a lot of effort to properly configure security automation tools properly. Make a road map of what you want to automate. Then see what security products… reduce time to process these.

About Sijmen Ruwhof

Independent IT Security Researcher / Ethical Hacker
This entry was posted in analysis, anti-malware, automation, cyber security, interview, security monitoring. Bookmark the permalink.