Benefits of Semi Automation - Learn Security Analysis A Lot From Football

1
Benefits of
Semi Automation
2
Introduction

• In football, planning every move down to the
  smallest details is everything. Any coach worth
  his or her salt has a playbook of strategies and
  every move, as impulsive as it may seem, has been
  carefully calculated with perfect If this, then
  that precision, before it ever took place. Yet,
  although every play has been pre-charted,
  effective execution relies on the adaptability of
  players in the moment and a keen understanding of
  the adjustments

3
Security Playbook

• When it comes to the security of corporate data,
  its not all that different from football. In
  order to be ready for anything that comes your
  way, all aspects need to be planned and mapped
  out beforehand, automated with a predetermined
  course of action in the vernacular, IFTTT.
  This security playbook is called security
  automation and its an imperative part of keeping
  all parts of a security operation workflow moving
  together in precise and accurate motion.

4
Automation

• In the complex corporate security environment,
  automation is increasingly the go-to answer for
  organizations lost in a sea of alerts, logs and
  data. But there is a danger in putting too much
  faith into security automation and orchestration
  alone. Organizations often turn to automation
  looking for a technological cure-all for their
  security woes, but while they are very good at
  what they do (at least theoretically), many
  security professionals are wary of handing off
  their most critical processes to a black box that
  cannot make up for the human intellect element.

5
Technology Development

• Machines are not people and as such, do not
  waiver from their predetermined playbooks,
  sometimes to the detriment of the goal at hand
  that of keeping corporate data secure. As
  Gartner security analyst Anton Chuvakin points
  out. There is at this stage of security
  technology development, at least GOOD
  AUTOMATION and EVIL AUTOMATION. Longer term, we
  will certainly see more automation and more
  domains of information security (cybersecurity,
  if you have to) covered by automation, BUT Id be
  willing to bet anything that the profession of a
  security analyst will never be full automated.1

6
What To Learn From Football

• In Forbes, Courtney Nash writes
• From a security standpoint, automation provides
  infrastructure security, and makes it auditable.
  But it doesnt really increase data/information
  security (e.g. this file can/cannot live on that
  server)those too are human tasks requiring human
  judgement.
• Often, just like footballs receiver has to make
  a moments call and adjust strategies, relying on
  automation and orchestration alone is too rigid.
  To be truly useful, orchestration must become far
  more flexible and include people in those
  processes.

7
Within Automation

• When incorporating flexibility into the
  automation process, a typical scenario could go
  something like this

8
The Automated Process

• The automated process and human intellect work
  together to create a dynamic, adaptable security
  infrastructure. Properly implemented the right
  balance of man/machine mix help validate the
  relevancy of alerts allowing analysts to
  close/eliminate cases more quickly and make sure
  analysts only look at cases that actually matter
  while getting rid of the noise.
• Because maintaining varying degrees of
  flexibility is in part dependent on the ability
  to navigate effectively across the security
  infrastructure, teams need tight integration with
  other security tools the tighter the
  integration of all tools from end to end, the
  greater the ability to traverse between
  automation and human investigation.

9
Conclusion

• Finding the perfect balance between human
  intellect and predetermined moves is a bit of an
  art form, just like in football. Flexibility
  within automation, with the input of those people
  who know their processes best, is the key to
  complete security.