The use of automation in hacking has increased significantly, and the defensive response needs to be considered accordingly.
While automation in attacks is not necessarily new, companies have inadvertently increased their attack surface over time and, as a result, the complexity and sophistication of current attacks require a different defensive approach.
Visit www.port443.co.za for more information
To support the growth aspirations of the business, the ICT landscape needs to evolve continuously. This evolution includes digital transformation strategies, the increasing prevalence of connectivity to third parties, cloud-native applications, and support for remote working. The resulting ICT “sprawl” and complexity add to the challenges of mitigating attacks across an ever-changing estate.
As the prevalence of API-supported technologies increases, two things should be considered.
- Because more and more applications expose APIs, there is a corresponding increase in the attack surface available for exploitation.
- As mainstream security controls increasingly expose APIs of their own, these APIs can be used in conjunction with automation platforms to improve the efficacy of the cybersecurity posture and of the defensive response.
The prevalence of the API economy can be taken advantage of when it comes to risk mitigation, management, oversight and control.
The National Institute of Standards and Technology (NIST) sets out the phases of its incident response framework as follows.
- Preparation
- Detection and analysis
- Containment, eradication and recovery
- Post-incident activity
Using a security orchestration, automation and response (Soar) platform, the speed and accuracy with which these phases can be executed increase materially. A Soar platform integrates with cybersecurity controls via their APIs, and in so doing the efficacy of the response to incidents can be significantly enhanced.
The preparation phase can be supplemented with automation relating to the continuous hardening of the configuration of controls according to best practice, thereby lowering the probability of an incident occurring in the first place.
The detection and analysis phase can be supplemented with automation via embedded threat intelligence feeds, contextualising the threats and reducing false positives. This, in turn, allows for a focus on true positives and false negatives, reducing analyst load and alert fatigue.
In terms of the containment and eradication phase, a Soar platform with appropriately configured playbooks will enable immediate containment, allowing for additional time to eradicate and recover.
This needn’t be a costly exercise.
While Soar platforms in and of themselves can be costly, and the skills required to develop thereon are scarce, Port443 offers these capabilities “as a service”, easily consumed across your ICT estate as a fully managed capability.
This promoted content was paid for by the party concerned.