Likewise, many alerts are inactionable. Talk to almost any incident response team and you will hear the complaint that “we can detect threats but can’t respond to them in time” or “our controls send alerts but can’t automatically remediate them.” This is ultimately why incident response is such a reactive process – it has become a cumbersome manual task just to prioritize alerts.
Three benefits of security automation
The difference between manual processes and automation can be the difference between hours and minutes. Beyond saving time, here are three benefits of optimizing security automation:
Ad Statistics
Times Displayed: 79206
Times Visited: 2800 Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.
1. Device Context – Automation enables organizations to maintain up-to-date information about all their cyber assets as soon as they join or leave the network. Network context is key to understanding where the device is connected (e.g., which switch, port, SSID, etc.), from where it is connecting, and what it is. This context enables understanding the difference between a Windows 7 PC vs. a Windows 7 laptop that is operating a pill dispensing cart on a hospital floor. This information can be easily integrated into other security tools.
2. Orchestrated Workflows – Automated workflows (e.g., “playbooks”) can enforce policies and trigger a response, from finding vulnerable devices to isolating them until they can be remediated. Automatically triggering remediation, such as executing a script, fixing a missing agent, or triggering a patch, is a key capability to stay ahead of threats.
3. Accelerated Response – Multifactor risk scoring and advanced threat detection can prioritize alerts to the risks and threats that matter most. Ideally, responses should include actions at the network level since host-based controls are often disabled by malware. Cyberattacks have become increasingly decommodified and automated, so responding to incidents at machine speed is critical to preventing a breach.
Building confidence: Trust the process
Healthcare organizations may be slow to implement automation because they are concerned about breaking a mission critical process. However, organizations that invest the time to setting up automation will become far more efficient and save much more time in the long run.
The key to setting up automation is to have good data and context come in so you may trust the information and to recognize how things work. Visibility and monitoring solutions can provide rich information into the depth and breadth of a network so that organizations can eliminate their blind spots. Fully integrated platforms enable organizations to enable multiple capabilities to move beyond visibility and into automated action. And in doing so, they can move to a more proactive approach to assessing risks and responding to threats.
About the author: Tamer Baker is the VP of global healthcare at Forescout.Back to HCB News
