This week’s question: What does automation mean for IT security teams?
What automation primarily means is that teams now have the chance to scale their tasks to meet the needs of the business. Nowadays, given that vulnerabilities are discovered on a daily basis, organisations need tools that can keep track of these weaknesses as they are made public and patches become available.
The great strategic advantage of using an automation tool for vulnerability management is the frequency at which it allows IT security teams to track changes: monitoring assets continuously has become a requirement, given the speed at which code changes today. The days when running a yearly, or even a quarterly, pen test was enough to spot the potential entry points an attacker may leverage are long gone. Modern businesses need to keep a much closer watch over their digital assets.
However, what is important to remember is that while automation is great when it comes to making mundane, repetitive tasks more manageable, the accuracy of a human being is still something that machines cannot replicate. Risk is something contextual, and machines are still not there when it comes to assessing the severity of a potential threat.
When vulnerabilities are discovered, their risk score needs to be assessed based on the likelihood of them being exploited, and this is something that humans are still better at. An ML/AI-powered tool often flags all vulnerabilities and cannot prioritise them based on their risk factor.
The best model for organisations wishing to optimise their security processes remains a hybrid one – where automation tools are integrated with human interventions at certain critical points. Automation can augment people, but it cannot replace them completely.