The Role of Automation in Cybersecurity: Enhancing the Battle against Evolving Threats

By Venkatesh Sundar- Founder and President, Americas, Indusface

With the digital transformation of operations becoming a necessity in every field of work, the cybersecurity landscape has evolved and expanded in an unprecedented manner. Enterprises all over the world are deploying AI-powered tools such as chatbots, virtual agents, and process automation technologies to expedite operations. However, in the quest for efficiency and rapid scaling, enterprises are also repeatedly exposing themselves to cybercriminals. Hastily put-up defences, lack of proper integration between different applications, not carrying out updates or patching as needed, are some of the things that put enterprises at a greater risk of cyberattacks.

The famous cyberattack on Equifax has been one of the key examples of this failure. The company’s network was hacked via a consumer complaint web portal, due to a widely known vulnerability that should have been patched, but wasn’t. Further, the attackers managed to move from one server to another simply because there wasn’t adequate segmentation, and they kept stealing encrypted data for months due to the fact that Equifax failed to renew an encryption certificate on one of their internal security tools. The incident served as one of the major learnings for cybersecurity practices in the modern era. Had the company focused on getting the basics right, and deployed AI-powered automation tools for cybersecurity management, threat identification, and virtual patching etc, more than 143 million people won’t have been subjected to the data theft, and the company won’t have faced so many challenges and costs in the form of compensation etc.

Similarly, the SolarWinds cyberattack in 2020 was a significant wake-up call. Automation could have detected unusual network activity and instantly flagged it as a potential threat.

Essentially, cybersecurity has become a relentless game of cat and mouse where the cybercriminals are constantly trying to be innovative, harnessing the power of artificial intelligence and automation is critical to proactive threat mitigation, and ensuring comprehensive cybersecurity.

The need to adopt an integrated approach
AI powered tools bring a lot of capabilities to the table, however, as we make a case for automation in cybersecurity, it must be clearly understood that these tools are not a replacement for human cybersecurity professionals, but only capacity boosters. The reason we say this is that the 24/7 proactive usage apart, there is also a great need for intuitive understanding, context, and ethical judgment that humans bring to the table. For instance, there are a lot of things in the grey area, and when there is a need to take a call on how to approach an action, whether to treat it as a threat or evaluate it, are things that can be better taken care of by human intelligence.

Secondly, there is a need to display adaptability as per the use case. For instance, the approach to secure a stock market related portal or an ecommerce website will have to be different than the approach for a corporate website. It is areas like these, where automation often falls short. Not only that, AI and automation tools lack the ability to make ethical decisions or differentiate between lawful and unlawful actions. Human oversight is fundamental to ensuring responsible cybersecurity practices.

This human oversight and intuitive thinking can be significantly boosted by an integrated approach of deploying automation and AI-powered cybersecurity tools toward areas like network monitoring, log analysis and user authentication to threat identification and incident response.

How automation and orchestration can be a gamechanger
Automation is the answer to streamlining routine, time-consuming tasks in the cybersecurity realm. These tasks encompass network monitoring, log analysis, user authentication, threat identification, and incident response. They often consume precious hours of human effort, which can be better spent on tasks that demand intuition, judgment, and creativity. The benefits of the integrated approach where human oversight and real-time AI-powered automation is deployed, are extensive.

Advantage of deploying comprehensive solutions
The evolution of AI and automation in cybersecurity has given rise to comprehensive tools that integrate various security components. These tools bring together scanners, Web Application Firewalls (WAFs), vulnerability management systems, and other security mechanisms, creating a cohesive security ecosystem. This integration is crucial to achieving a full-proof defence against the constantly evolving threat landscape.

The security domain in general has too much fragmentation and even in established players, there are many add-ons. A lot of times, the stakeholders don’t have enough context into what all solutions to deploy. For example, in the application security space, let’s say that they deploy a WAF but in some cases the bad bot mitigation solution is an add-on. While this is good for the vendor to get more revenue per customer, ultimately the customer’s application security stack has gaping holes from which an attack like the Equifax one can occur.

The future of cybersecurity
With cybersecurity’s scope expanding with each new day, and threats becoming more sophisticated as well as diverse, the ideal approach to cybersecurity necessitates the synergy of human and automation capabilities. Automation tools can excel at routine tasks, quickly identifying known threats, and analysing vast datasets. Humans, on the other hand, bring their experience, intuition, and ethical judgment to the table. By harnessing this synergy, organizations can strengthen their security posture and safeguard their digital assets effectively.