The automation of IT is on the rise, as Gartner noted earlier this week, with organisations increasingly opting to use intelligent systems that obviate the need for human intervention. But security is a touchy area when it comes to automation. Sure, there are probably a lot of repetitive tasks that security professionals would love to hand over to machines, but they are reluctant to relinquish control. We take a look at the pros and cons of automation in network security.
According to security vendor and research firm Palo Alto, the top three concerns pertaining to network security automation are:
- Perceived loss of control and the desire to retain a human element in maintaining network security.
- Distrust in technology in the sense that automated systems may overlook threats or make lives harder for employees by putting too many restrictions on the network.
- Fear that automation of security will bring massive changes to an organisation and how security professionals work. Basically, a fear of change.
While these concerns are legitimate, Palo Alto points to some of the benefits automating network security can bring to organisations:
- Simplifying security processes, which results in a reduction of duplicated deployment efforts. This includes bringing down the number of duplicated security policies across a company. Updates to these policies can also be applied quickly and easily with automation.
- Significantly reducing human error.
- Faster threat detection on the network as automation can correlate information across different data sources swiftly.
While there are some compelling benefits to network security automation, it may not be everybody's cup of tea. Palo Alto recommends breaking down the automation process into the following categories to see if it will suit your organisation's needs:
- Network Setup -- Automation in this area allows for configuration of firewalls and policies by eliminating duplication and streamlining processes with automation tools such as templates, template stacks, and device groups.
- Network Management -- Automation in this quadrant keeps the network and policy always up to date with capabilities such as SIEM integration or security policy orchestration.
- Threat Intelligence Setup -- This area focuses on automatic protection against known and unknown threats with thorough analysis and prevention of successful attacks. It also can ensure that differing security technologies can learn from each other. Automated threat correlation, a common security rule base, and similar functionalities go a long way toward making things more streamlined.
- Threat Intelligence Management -- This component focuses on continuous protection using the latest information, through automatic and frequent updates to software, signatures and other security components.