Technology tools that automate and standardise the response to cyberattacks have allowed Nedbank to dramatically slash the time spent securing its operations.

Automating routine tasks like intrusion detection and removing phishing e-mail has made its systems more secure and freed up its technicians for other tasks, said Japie Vermeulen, head of Nedbank’s Security Orchestration, Automation and Response (Soar) division.

Nedbank’s Japie Vermeulen, second from right

One network traffic monitoring task that took three hours a day is now finished in six-and-a-half minutes, while a process of removing rogue e-mails that previously took two hours is now down to two and a half minutes.

The transformation was achieved using Soar tools, Vermeulen said at a TechCentral roundtable on “Securing the Future”. He believes he can free up six full-time professionals this year by using Soar tools to further automate Nedbank’s security measures.

But the growing niche of Soar technology has a dark side, too, because automating a process can just “bake in” the badness of processes that should no longer exist at all. Ideally, implementing a Soar strategy should be preceded by examining the company’s processes first, so any antiquated steps can be eliminated or updated. Businesses often run unnecessary processes because nobody dares to question why something is done in a certain way, the panellists agreed, and automating them just compounds the problem.

Vermeulen also says Soar tools must be managed by people who can code, are passionate about security, and understand the business and its risks. “If you don’t have skilled resources to run it, it’s just another tool sitting there and costing you money,” he warned.

The roundtable, sponsored by Obscure, Dimension Data and Palo Alto Networks, brought together C-suite security experts from the public and private sectors. They all face the challenge of protecting their organisations from a barrage of assaults that forces them to spend a disproportionate amount of time and effort on firefighting, instead of focusing on adding value and taking the business forward.

Boost to security

Soar tools promise to boost security by connecting the often-unwieldy mess of products and processes to standardised, automatable workflows to response to incidents faster and in the same fashion every time. But their take-up isn’t soaring yet, with Gartner predicting that only 15% of organisations will be using them this year.
The roundtable saw spirited debate between customers and technology suppliers, with CIOs speaking from their hearts and calling for vendors to work as partners, share the risks, and walk the journey with them.

They also urged international companies to stop charging so much for their software, with Charles Kungwane, the Chief IT security officer of Motus, proposing that South Africans form a new regulatory organisation to determine how much software companies could charge, much as the construction industry is regulated. Other participants pointed out the impracticalities of that, since buying software isn’t the same as buying a square metre of property.

But Nampak technology architect Celia Geyer agreed that high prices are a real prohibitor in Nampak’s technology choices. “The challenge for me is that all these new threat analytics and tools that we need and that would make a difference for our organisation are just too expensive. This is a real challenge in South Africa overall,” she said.

South African organisations are an attractive target for cybercriminals because in security terms it’s lagging behind other countries, the participants fear.

Yet the need for robust IT security was highlighted clearly by Cyril Baloyi, chief technology officer for the City of Johannesburg, who spoke about various incidents where old and badly maintained systems had collapsed, and a ransomware attack where a hacker tried to encrypt files on the computers.

“We were hit because we had holes and we knew about them, but we didn’t implement fixes on them. The whole thing is a messy, obsolete environment,” he said. “It was a blessing in disguise that we were hit because that made the political principals understand what’s needed.” Some of the measures being imposed now include taking a “zero trust” approach with employees, he said.

Mauritz Grobler from Dimension Data said new technology often fails because of a significant gap between what it is capable of and the skills within the client organisation to make that happen. With security, it’s important to understand what the risks are, and ensure that someone at management level is responsible so whenever a threat is discovered they take ownership and drive the fixes through.

Dimension Data’s Mauritz Grobler, second from left

“Automation is the future of cybersecurity because we don’t have enough skills and we never will,” agreed Dario Fachin, head of IM – Global Information Security at De Beers. But automation tools are not plug and play, because out-of-the-box solutions show too many false positives so a lot of tweaking is needed, he said. De Beers is now using behavioural analytics and machine learning in its security measures, but it still takes a human to write the code and make the changes.

The benefits of Soar tools are expanding well beyond the initial field of security into automating other routine aspects of a business, said Matt Poulton of Palo Alto Networks.

Soar is evolving from the “s” of security to the “o” of orchestration, and being used to automate and secure mundane tasks like human resources processes or cloud configuration.