What is the importance of automation in incident response?

Date: 16 March 2020

Featured Image

What is the importance of automation in incident response?

Wisdom of Crowds is a series of exclusive and extremely sought-after events organised by the leaders in cyber crisis management, Cyber Management Alliance. At the Wisdom of Crowds congregations, CM-Alliance brings together the sharpest and brightest brains working in the realm of cybersecurity. The idea is firmly rooted in the belief that the power of collective and collaborative wisdom far surpasses the knowledge of an individual or of a few. 

The bi-annual Wisdom of Crowds event held in Dubai’s exquisite Burj Al Arab Jumeirah on October 3, 2019, saw the largest gathering of cyber and data security professionals at any WoC event in Dubai so far. No wonder then that the event was brimming with extremely valuable opinions and insights. A specific aspect critical to the cybersecurity industry – automation in incident response – was certainly touched upon and discussed in detail. Given below are some of the unique inputs of the cyber professionals present at the event on the subject: 

 

1. Jacob Mathew, Head of IT, Abu Dhabi Government, “Automation is very important because we get a lot of events from so many devices – routers, access points, servers, end-users, firewalls. So, all these events mean that it’s important to have automation because only then can the logs be monitored, analysed and then presented to the management, which it is not possible to do manually. So, automation is really critical from an information security perspective.”


2. Pradeep Venkatasubramaniam, Head of IT, Ominto Inc, “Automation clearly enables scalability. The nature of attacks in these times is constantly evolving. In certain cases, the volume of the attack is going to be so high so it’s not easy to scale or it’s not going to be cost-effective to maintain a team all the time. That’s where automation kicks in. By investing in the right level of automation, you’ll be in a position to ensure that your risk window is significantly reduced in the event of an attack and you are not going to have to constantly maintain a large workforce to tackle such a situation. Therefore, I think the right mix of automation and the adoption of automation is very, very important.” 

3. Moussa Arab, Senior Broadcaster & IT Network Security, Government of Dubai, “In today’s world, we are all talking about lack of skills in our environment. There is a very big lack of expertise in this domain because actually there is no real domain. We are just working on reacting on issues that happen. There is no prevention happening; when any product is developed or any technology is coming in the market, we always first think about the operation of the technology and this is why security comes afterwards. This is why cybersecurity is coming in place to protect against this kind of issue that is happening.”

4. Barakat Alkindi, Director, Digital Transformation, Abu Dhabi Police, “Automation can help to improve the security and can help in quick response also. If there is automation, between different layers of technology, it can help the people who are working in response to identify the problem and quickly respond to it.

5. Manas Sarkar, DGM & Business Head, Managed Security Services
, “Automation in incident response is the need of the hour. If you see, the tech landscape is changing very fast and the kind of complexities that you have in the IT infrastructure, one technology will not help you. If you have multiple technologies and multiple controls and then all these controls are creating a lot of logs and incidents for you. If you don’t automate, starting with layer one at least, then you’ll be bombarded with a lot of tickets. To eliminate those tickets, automate at least the first stage, then you can plan accordingly how you can handle the L2, L3 tickets. Without automation, it is quite impossible to deal with cyber-attacks today.”

 

 

6. Mina Gerguis, Manager, IT, Automech Group, “Our plan for automation as management is unfortunately to think that it’s the magical solution to all our issues… not knowing the challenges it will put us against, once actually fully automated. And that’s why it was my task to work out how we can implement automation but still maintain our security and not be vulnerable to more, new issues in the future.”

Subscribe to the Cyber Management Alliance YouTube channel for more insights and interviews from leading cybersecurity executives across the world: https://www.youtube.com/channel/UCm-r7aanAKPc8bu-FqaTVyw