Data center cybersecurity managers have had it tough this pandemic.
During the first half of 2021, bad actors launched 5.4 million DDoS attacks, setting a new record, according to a Netscout report released last month. The number of attacks is up 11% compared with last year, and the average attack duration is up 31%.
And according to the U.S. Department of the Treasury, ransomware payments reached $400 million in 2020 — four times higher than in 2019. And that number is just a fraction of the total economic cost of ransomware.
According to IBM, the average data breach now costs a company $4.24 million per incident, another record high. One reason the cost of dealing with security incidents went up, said IBM, was the drastic operational shifts during the pandemic.
This past year and a half has been a "perfect storm" for the cybersecurity profession, according to the Ernst & Young Global Information Security Survey released this summer.
More than three-quarters — 77% — of respondents said that they have seen an increase in the number of disruptive attacks, such as ransomware, over the last 12 months, up from 59% the year before.
Meanwhile, 81% said that COVID-19 forced organizations to bypass cybersecurity processes.
As a result, just 9% of boards were extremely confident that the cybersecurity risk and mitigation measures presented to them can protect the organization from major cyberattacks — down from 20% last year.
It's no surprise that 68% of CEOs are planning a major data and technology investment in the next 12 months and 39% of organizations put cybersecurity on their board agendas quarterly — up from 29% in 2020.
Automation Makes a Dramatic Difference
According to the IBM data breach cost report, the factor that made the single biggest difference in the total cost of a data breach was cybersecurity automation.
Companies that did not have security AI and automation deployed spent an average of $6.7 million to recover from a breach — more than twice as much as companies that had fully deployed automation, which spent just $2.9 million.
Cybersecurity automation also allowed companies to spot a breach and contain it faster.
So it's no surprise that 95% of organizations have already automated at least some of their cybersecurity processes, according to a cybersecurity automation adoption survey released by ThreatQuotient last month.
Of those, 40% have automated more than half of their processes.
Meanwhile, 98% of companies are planning to automate more of their cybersecurity over the next 12 months.
Defending against cybersecurity threats is very expensive, said Michael Rogers, operating partner at venture capital firm Team8 and former director of the U.S. National Security Agency. But the costs for attackers are low, he told Data Center Knowledge.
"Prioritizing cybersecurity solutions that provide smart, cost-effective ways to reduce, mitigate or even prevent cyberattacks is key," he said. "Inevitably, as we move to an increasingly digital world, these options are game-changers in safeguarding our society and digital future."
Some areas where cybersecurity automation is making a particular difference include incident response, data management, attack simulation, API and certificate management, and application security.
Vendors are now delivering the cybersecurity automation capabilities they've been promising, said Gartner analyst Gorka Sadowski.
"It gives us the capability to do threat detection and response at scale," he told Data Center Knowledge.
AI- and machine learning-powered automation requires large data sets to become effective, and those data sets are now starting to materialize as well.
"A lot of machine learning is being thrown at huge data sets," he said. "The analytics are getting better. And what do you do with that analysis? You want to do threat detection and response, you want to bring the environment back to a safer operating state. Now, these new tools are able to do a lot of this automatically."
According to the SANS threat hunting survey released last month, 75% of companies already use automated alerting tools such as SIEM (security information and event management), intrusion detection and prevention, and endpoint detection and response.
Threat hunters were particularly satisfied with AI technologies, the survey showed.
Three popular low-code or no-code automation tools are those from Splunk, Refactr and SIRP, said Edwin Weijdema, global technologist at Veeam Software.
"All the tools work with visual editors to show workflows where you can drag and drop actions on the canvas and connect them together," he told Data Center Knowledge.
These tools automate tedious and repetitive tasks and speed up incident response, he said, while reducing alert fatigue and human error.
"Security processes become more clear, efficient and transparent because of the visual on-screen pipeline representation, therefore reducing the possible attack surface," he added.
According to a September survey Ponemon conducted for cybersecurity vendor ReliaQuest, 52% of companies say that their IT security team is spending too much time on data collection activities at the expense of threat detection and analysis.
And 63% said that automating tasks like data collection would make their security operations more efficient.
On average, according to the report, a security professional spends 3.3 hours a day manually administering tools.
"The use of automation tools in modern security operations is now mandatory to help analysts navigate through mountains of data flowing in and out," said Daniel Clayton, vice president of global security operations and services at Bitdefender.
And automating more routine tasks such as log management frees up analysts for higher-skilled tasks like threat hunting and incident response, he told Data Center Knowledge.
But those, too, can benefit from cybersecurity automation, he said, by providing context to help analysts make decisions more quickly.
The two key tools were security orchestration, automation and response (SOAR) platforms and threat intelligence platforms, he said.
Another area in security that is traditionally extremely time-consuming is conducting simulated attacks and penetration tests.
"Continuous attack simulations can be used to bolster data center security," said Marcus Carey, an enterprise architect at ReliaQuest.
These simulations automate adversary behavior and can cover more processes and security controls than is possible with manual tests — without disrupting day-to-day operations.
"Since testing is ongoing, findings are reported continually, giving security teams more data about the day-to-day performance of their security models," he told Data Center Knowledge.
APIs and Certificates
According to DigiCert's annual state of PKI automation survey, released last month, the typical enterprise manages more than 50,000 security certificates.
But two-thirds have experienced outages caused by certificates expiring unexpectedly, and 25% experienced five to six such outages in just the past six months.
As a result, 91% of companies are planning or thinking about automating their PKI certificate management processes.
Today, only 25% have implemented or are in the process of implementing a solution, but 70% plan to roll one out in the next 12 months.
Automation can also help companies to secure their applications, including checking for authentication, authorization, encryption and other potential problem areas, said Meera Rao, senior director of product management at cybersecurity firm Synopsys Software Integrity Group.
Automated tools can also scan applications for known security vulnerabilities, she told Data Center Knowledge.
Third-party software is also a potential security risk, as evidenced by the recent SolarWinds and Kaseya attacks.
These are known as software supply chain attacks.
According to a report released last month by enterprise software delivery firm CloudBees, 95% of executives say that their software supply chain is secure or very secure.
"But nearly 75% of respondents admitted their pipelines had significant manual processes," said Prakash Sethuraman, chief information security officer at CloudBees.
This is a problem because every manual step presents a risk of human error that can lead to a security breach, he told Data Center Knowledge.
"As the frequency of deployments through DevOps pipelines increases, manual approaches are no longer sustainable," he said.