Automated systems can identify vulnerabilities in a business and report any issues to a human actor, according to a leading cyber security expert.
Rahn Wakely from Qualys believes cyber security is the most critical skills gap facing Australian business.
“Attackers move quickly and adeptly, so the modern threat hunter cannot afford to rely on traditional patching cycles,” he said.
“Automation is a means to speed up many standard tasks and reduce execution errors. On the IT side of the equation, we see a lot of acceptance of automation. Measurable cost savings and proven efficiencies have driven more and more of it.”
To embrace automation at scale, Mr Wakely believes the entire cyber security discipline may have to unlearn what it has learned and break with tradition.
“DevOps teams are unafraid to break and fix, break and fix, break and fix – employing an iterative approach to the improvement of an end product. Security teams, however, are trained to minimise impact and ensure that every tool they use does not interfere with the infrastructure at large,” he said.
IS YOUR BUSINESS CYBER SAFE?
Explore our next-gen cyber training and resources to defend against online threats to your business. Plans start from only $10/month.
“Automation can help regional firms plug their security skills gaps, but only if they adopt the same experimental mentality of break and fix.”
According to Mr Wakely, automated cyber security is perhaps the only way to address the issue of work-from-home (WFH) endpoints.
“Any device that joins the corporate network is a risk. And home devices may even be used by more than one person, each of whom may work for a different organisation. When patching directly from the cloud is the only practical approach, automation is the natural next step,” he said.
“Automation enhances an organisation’s threat posture. Vulnerabilities are being addressed as soon as fixes become available, without the need for cumbersome human-based workflows. And as this good news spreads across Australia – that automation can reduce costs, make baseline security practices more efficient and subsequently enhance security postures and make compliance an easier proposition – trust in automation will grow.”
Mr Wakely expects 2022 to be a transformative year for cyber security and says automation will become standard practice.
“Security teams will finally be freed up to go the extra mile and secure our digital estates once and for all.”
Rahn Wakely is the CISO-Asia-Pacific at Qualys.
