3 Secrets of a Successful Security Automation Strategy

Computer security threats keep growing in number and sophistication. The Internet of Things (IoT) has added to the number of targets to defend as well as the number of attack sources. So have mobile devices. WannaCry was certainly just the start of a new wave of worm-based malware, with the Petya worm quickly on its heels. These attacks don’t rely on human error but spread directly from one computer to another.

In an increasingly worm-infested world, a reactive approach to security isn’t enough. Humans can’t keep up without help, and anti-malware software can’t stop everything. Security automation is necessary if an organization hopes to stay safe.

Three keys to automated security

A successful approach to automated security encompasses three elements:

  1. Data availability.: Keeping up with the data is necessary, though not sufficient. Any system tied to the Internet is constantly being probed for weaknesses. There may be a huge amount of security-related information, and the first step is to make sure it’s all available.

  2. Holistic perspective: Sound decision making requires bringing together the data from across the network, understanding the intelligence  and distinguishing significant indicators from unimportant ones. Success comes from  treating the network as a whole; discrete devices, each protecting separate components, can't do the job.

  3. Rapid action: A successful defense turns intelligence into action. With security automation, threat and breach detection and response is faster and more precise — which helps to contain the damage.

Automated security in action

Security automation looks for patterns that indicate trouble. This includes not just malware signatures but unusual types and levels of activity. Every network has different patterns of normal behavior, and automation tools must be able to detect what’s abnormal for that network.

When a new device is added to the network, the network security platform should automatically interoperate with it. Sharing information from every point on the network gives the best chance of identifying anomalies and their source. For example, if a device starts querying every other device on the network and normally shouldn't, there’s probably a security issue.

Upon identifying a threat, the security system should take immediate action to mitigate it and notify human users. The IT security staff can then look at the report and understand what has happened, and perhaps why. From there, the security team can decide what further action is necessary

The fabric-based approach

Fortinet’s security fabric brings together all the network’s discrete security tools to form an integrated, automated solution. Automated information sharing between physical and virtual tools such as firewalls, endpoint security and behavior-based advanced threat protection (APT) solutions are central to the effectiveness of the security fabric.

Getting there from here

Automation isn’t as simple as turning on a switch. The earlier you start, the sooner you’ll have the level of protection that’s needed. You'll then have the best chance of keeping up with today’s threats and future ones.

Tec-Refresh will help you get started on this path, developing an automated security strategy that will reduce the security risks your network faces. As a Fortinet partner, Tec-Refresh can provide you with the best tools and methods for moving toward intelligent security automation.