Security automation: The next wave
Beyond virus protection and patch management.
By Deb Radcliff, Network World, 03/21/2005
Security automation: Isn't that the very nature of the beast? After all, just about any security process can be automated.
Firewalls, intrusion-detection systems and anti-virus software scan and sniff network traffic and computers for known signatures
of attacks, viruses and worms. Vulnerability management systems find and patch holes, so malware can't exploit them. Remote
access managers sandbox, scan and sanitize endpoints before allowing network access. And security managers get to view all
of this and more from a central monitoring station.
OK, maybe it isn't an integrated monitoring station but rather a bunch of monitoring stations kludged into one console by
a security administrator. That's the nature of the beast, too. The inability of different security products to share network
and security information limits security automation. Limitations appear elsewhere, too. For example, intrusion-prevention
systems (IPS) lack the intuition to tell the difference between a Christmas rush and a denial-of-service attack, which is why companies
use intrusion prevention sparingly, or not at all. No security tool will ever be able to set policies aligned
to your business' unique characteristics on its own.
Suffice it to say, security will continue to become automated, but will never fully replace human perception, intuition and
intervention. "You can build automated security models in a way to detect problems, establish countermeasures and alert a
human, who can then build a filter or countermeasure to protect against that issue," summarizes John Pironti, enterprise architect
and security consultant at Unisys. "In this way, there will always be a symbiotic relationship between humans and computers."
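The division of labor Pironti describes, and the holiday-rush-versus-flood problem raised above, can be shown in a small defender-side script. The following is an added example, not code from the article or from any vendor it mentions: automation scores a traffic window against a baseline and raises an alert for an analyst, while the decision to block stays with the human. The baseline figures, the 3-sigma threshold and the per-source heuristic (fewer than five requests per client suggests a broad legitimate surge) are all constructed assumptions for illustration.

```python
"""Anomaly alerting with a human in the loop (illustrative example).

Scores a traffic window against a baseline and produces an alert for an
analyst rather than an automatic block. All figures are constructed.
"""
from statistics import mean, pstdev

# Constructed requests-per-minute samples from a "normal" period
BASELINE_RPM = [200, 210, 190, 220, 205, 215, 195, 230, 210, 200]


def anomaly_score(observed, baseline):
    """How many standard deviations the observed rate sits above the
    baseline mean (0.0 when it is at or below the mean)."""
    mu = mean(baseline)
    sigma = pstdev(baseline) or 1.0  # guard against a flat baseline
    return max(0.0, (observed - mu) / sigma)


def assess_window(observed, baseline, unique_sources, threshold=3.0):
    """Return an assessment dict for a human analyst.

    The action is only ever "none" or "alert"; blocking is deliberately
    not automated. unique_sources is the number of distinct client
    addresses seen in the window. Spreading the same volume over many
    clients is consistent with a legitimate surge; concentrating it on a
    few looks more like a flood. The cut-off of 5 requests per client is
    an assumed heuristic, and the hint is advice to the analyst, not a
    verdict.
    """
    score = anomaly_score(observed, baseline)
    if score < threshold:
        return {"action": "none", "score": round(score, 2)}
    per_source = observed / max(unique_sources, 1)
    if per_source < 5:
        hint = "volume spread across many sources; possible legitimate surge"
    else:
        hint = "volume concentrated on few sources; possible flood"
    return {"action": "alert", "score": round(score, 2), "hint": hint}


if __name__ == "__main__":
    # Constructed windows: a quiet minute, a broad surge, a concentrated burst
    print(assess_window(215, BASELINE_RPM, unique_sources=100))
    print(assess_window(2000, BASELINE_RPM, unique_sources=800))
    print(assess_window(2000, BASELINE_RPM, unique_sources=20))
```

Both high-volume windows score identically on rate alone, which is exactly why the article says an IPS cannot separate them; the extra context is only a hint, and the analyst makes the call.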
Know your business
Intrusion detection, anti-virus, firewalls and anti-spam are fairly mature when it comes to automation, meaning human intervention
is minimized. While these tools once needed manual updates and extensive filtering, they now essentially run themselves by automatically
updating their signature files, blocking worms and viruses, scanning and parsing datastreams, and looking deep into packets
to detect bad behavior, says Vick Wheatman, vice president of security practices at Gartner. Reaching that level of maturation
takes five to 10 years, analysts say.
They point to security information aggregation and identity management as two technologies at the other end of the maturation
spectrum. This means we won't see mature automation of these disciplines until 2010 or beyond.
But don't just look to product trends to measure automation, says Robert Garigue, vice president and chief information security
officer at Bank of Montreal Financial Group. Instead, organizations should focus on how security aligns with best practices
and how it can be automated to the point that it moves from just security into the normal operations of the business, he says.