Is automation the way to go for Incident Response?
Date: 11 February 2020
How important are automation & orchestration in Incident Response? India’s top CISOs answer that question at the Mumbai Wisdom of Crowds event
Cyber Management Alliance enjoys the unique advantage of having access to and the ability to engage with the world’s leading minds in cybersecurity and data privacy. Through its Wisdom of Crowds events, it further amplifies this ability and disseminates the collective wisdom of this erudite coterie of experts to others, who are either deeply interested in cyber resilience or are responsible for keeping their organisations secure.
At the Mumbai Wisdom of Crowds event, held recently in May 2019 at Sofitel BKC, CMA got the opportunity to pick at the minds of some of India’s most renowned and knowledgeable CISOs and Heads of Security. We asked them a simple but really vital question in the modern-day context: ‘What is the importance of automation and orchestration in Incident Response?’
The consensus is clear: Automation is the way to go if the increasing number and complexity of threats have to be dealt with successfully and speedily. Here’s a closer look at what these eleven experts had to say and their experiences with automation & orchestration:
Anoop Das, Enterprise Manager, Middle East & India, Mimecast – “Today, organisations spend money on SOC and SIEM solutions and other technologies. I’d like to see all of them integrate well with some API integration which is bi-directional, so eventually the management gets a singular dashboard with all this information. In case, someone from the management wants to deep dive, they should have the capability for it.”
Mandar Kulkarni, CISO, Grasim Industries – “Automation is becoming more and more important considering the growing number of incidents. We aren’t able to upscale or increase our team size in that proportion so it’s humanly impossible to respond to all of the alerts and incidents. We have to shift our gears and build as much automation as possible and also test the automation. We can easily automate those processes that we’ve mastered manually. They can be easily translated into automated workflows.”
Naresh Kumar, Assistant Vice President, Cybersecurity, DBS Bank – “Automation is certainly the way to go. Every organisation today has 20-25 technologies to protect the enterprise assets. But sometimes it’s not possible to integrate all the tools and technologies together. But if critical devices are integrated with SIEM solutions, it can give more visibility in terms of the security posture. Orchestration is essential because it reduces the burden on security analysts as the truth or information which is required for incident response will be available at one place.”
Avinash Prasad, Vice President & Business Head, Tata Communications – “Automation is one of the levers that can help a SOC or an organisation to look at certain standard types of incidents that are happening. For example, if a known ransomware is already starting to impact organisations and it suddenly comes your way, how would you look at handling that? If automation, driven by the extracted knowledge of incident response, can be crafted into a playbook, it can actually help processes operate better and without the possibility of human error. If the incident happens at 1:00 AM on a Saturday, only automation can help with instant response.”
Aman Malhotra, Senior Manager, Cybersecurity and Data Protection, TUV, SUD – “A lot of automation is taking place everywhere – in the manufacturing and automobile industry. They are automating assembly lines and manufacturing lines. A person could be sitting in Mumbai but he can control and monitor the oil levels in Jamnagar on a real-time dashboard. Automation is catching up everywhere and at an exponential rate. Therefore, we need to ensure that the ecosystem that we create around our organisations is also secure.”
Jobbin James, Manager, Sales Engineering, India/SAARC, SonicWall Inc – “Attack vectors and various attacks using various channels have to be coordinated and understood in a very minimal timeframe. When an incident happens across channels, we can correlate it onto a common platform wherein the end-user gets to know about the attack in a very short time frame. So mitigation time gets shortened.”
Amol Desai, CISO, Reliance Nippon Life Insurance – “Response times are of some length. So that gap has to be shrunk or reduced a lot. When we deploy automation or robotic arrangements within SIEM or SOC or other technologies, we are reducing the gaps in addressing the incident.”
Sudhir Kanvinde, Executive Director, IT, IPA, Ministry of Shipping, GOI – “Everything is now 24X7. Physically monitoring your network is very difficult. So we need automation. In case of any abnormal conditions or deviation from logs, immediate action has to be taken, without human delays. Immediately the concerned person has to be given that information so that action can be taken.”
Mayank Mehta, Head- Information Security, Axis Financial Limited – “The kind of bandwidth of incidents we’re seeing on a regular basis in the industry, makes it very important to use new technologies like Artificial Intelligence and automation to help us respond quicker to all the incidents that we come across.”
Hitesh Vora, Vice President, IT- Waree Group – “Automation does have some utility, although you will require some manual intervention. However, getting symptoms or indications at an early stage is possible only if you have tools that can detect and give you a flash that something is not right. Then you can decide your response.”
Shreyas Vyas, Head of IT, Compuage Infocom Ltd – “Automation is something very important because you cannot continuously monitor something. Response times need to be shorter and that’s the main thing.”