How can automation be used in cybersecurity incident response?

April 15, 2019

When it comes to incident response in cybersecurity, every second matters. 

Earth surrounded by global network in blue

Quickly identifying a security breach or cyber threat minimizes the damage and lets an organization get back to normal as soon as possible. Unfortunately, the sheer number of attacks an organization receives on a daily basis creates a tremendous amount of logs that needs to be analyzed, prioritized and investigated.

Which is why more and more companies are integrating automated technologies into their incident response plans.

If your first job in cybersecurity is as a junior analyst, you might find yourself working with automated technologies. This overview will give you realistic expectations of the benefits of these technologies.

Automation has the potential to replace repetitive tasks like manually sifting through alerts to determine which warrant action. In addition, some threats, like a phishing email, can be detected and responded to in real time.  Automation technologies can also be used to block command and control malicious IP addresses and remove rogue files. 

In an article titled, Cyber Security Predictions: 2019 and Beyond, Symantec says that hackers are using artificial intelligence techniques themselves to, “supercharge their own criminal activities.” If attackers are using automation technologies, it makes sense that cybersecurity professionals do the same to stay one step ahead of attacks. The article mentioned above states four ways artificial intelligence and machine learning fill a need in cybersecurity incident response:

  1. Machine learning-powered security can spot new threats
  2. Automated tools can uncover and fix new vulnerabilities before attackers find them
  3. They can harden environments using advanced attack simulations
  4. They could help protect personal digital security and privacy by providing alerts to warn users of potential security risks

Not only can automated technologies identify a security breach quickly, but these technologies also free up the time for cybersecurity professionals to handle other tasks.  As Joe Danaher, chief information security officer at Integrity IT explains, “There are many things computers do better than humans but making intuitive decisions based on an unusual situation is not one of them.”

In other words, automated technology cannot answer this important question: Now what?

Cybersecurity professionals still need to decide what servers or networks to isolate, when outside investigators need to be notified about the breach, plus determine what changes should be made to policies and procedures to institute corrective actions.  

All students at Capitol Tech get hands-on experience in incident response as part of their coursework. Students can also volunteer to participate in the university’s on-site Security Operations Center (SOC).

Categories: Cybersecurity