Waiting on a risk and recovery wake-up call

Editorial team

29 August 2024

Time and time again, the same questions are asked when software vulnerabilities lead to significant IT downtime and disruption. Where does the blame lie? Was there any malicious intent? Are IT suppliers prioritising efficiency over security and rigorous testing?

All important questions – but they shouldn’t be used as a free pass for our community to gloss over self-reflection. To spell it out, risk and recovery strategies fall way short in too many organisations.

In a utopian setting for security teams, the risk of software vulnerabilities and disruption would be non-existent. But that isn’t the world we live in. The new Unit 42 Attack Surface Threat Report sums it up well. It found that the average global organisation is adding 300 new digital services to its attack surface monthly. By nature, this exposes critical IT and security infrastructure to the Internet – opening the door to disruption and incidents.

IT and security teams need to respond with measures to limit risk as much as possible, as well as impact when disruption and incidents do strike.

Scale up and accelerate

With larger attack surfaces to manage, security automation is no longer a “nice to have”. It’s crucial for maintaining resilience.

Patching has always been a critical part of security teams’ roles. But in today’s cybersecurity landscape of new vulnerabilities by the day, the sheer scale of it is becoming untenable, particularly given that rolling out patches can span multiple servers, each with requirements for testing.

Security teams can harness automation workflows to carry out these time-consuming tasks. Workflows built in the A-Ops platform can automatically copy over required patches, shut down applications at a set change window, install patches, and carry out checks on each patched application.

Continuous monitoring is another critical facet of building resiliency that automation supports. Workflows, tied to an organisation’s asset database, can automate the scanning of assets for open ports and web-facing applications. In A-Ops, these workflows feed into dashboards that shed light on the entire external attack surface in real time, and they can even integrate with OpenSearch to automate traditional SIEM data stream and alerting functions.

Prepared for lightning-speed recovery

Resilience limits the risk of IT disruption and outages but doesn’t remove it. Luckily, automation also bolsters recovery efforts following such disruption.

Many organisations will maintain back-ups as standard practice. Automated workflows, however, streamline any required restoration processes – looking after testing and ensuring critical assets are restored correctly. Where user action is required as an element of recovery, automated workflows can render the process self-service for users, removing the need for manual intervention from security teams.

In recovery situations, security teams need to move quickly to adapt to the circumstances at hand. A-Ops facilitates this with an intuitive, drag-and-drop UI to build the automation workflows needed to speed up recovery – users can even harness our TemplateAI feature to stand these workflows up faster.

Stepping up to the challenge

Automation is the best route for organisations to improve resiliency and recovery, enabling adaptation to a wider attack surface than ever before and limiting the risk of human error or manual tasks impacting the overall security posture.

Major IT outages and failures will hopefully serve as a wake-up call for more organisations to accept this reality and leverage automation to make their resiliency and recovery processes fit for today’s IT and security context.