Can cybersecurity be automated? The prevailing understanding is that automation is not applicable to fields where complex discretion and decision-making are required. The identification of cyber threats is not as simple as dispensing cash from an ATM, so it is understandable why some tend to think that cybersecurity is not compatible with automation.
This does not appear to be the case, though. A study predicts that robots are set to replace humans in cybersecurity by 2030. The study, which surveyed 500 IT decision-makers, found that 41 percent believe that AI will take over their jobs in less than a decade from now, while 32 percent said that technology will inevitably automate the entirety of cybersecurity in the future. Only 9 percent are convinced that AI will not supplant them in their roles in cybersecurity.
Automation in security evaluation is increasingly becoming inevitable. Embracing it is no longer just a matter of following trends and achieving greater efficiency. There are many more compelling reasons to automate, as explained below.
Automation in Present-day Cybersecurity
Automation is already employed in current cybersecurity solutions. It is already playing a crucial role in automated security penetration testing solutions, particularly in breach-and-attack systems that are being offered on a software-as-a-service model. Automation also makes it possible to undertake continuous security validation, which optimizes security postures with minimal resource use and maximum efficacy for security controls. Its use has brought about significant advantages in making security assessment more efficient.
Automation radically accelerates penetration testing: processes that usually take around half a year to complete can now produce testing results within a single working day. This kind of speed and efficiency is already being offered by leading security testing firms.
Penetration testing automation is said to be ushering in a paradigm shift that is sending traditional penetration testing to obsolescence. Cybersecurity companies are now developing tools and platforms with automation in mind instead of relying on the old ways of conducting pen-testing.
Similarly, automation is considered a necessity in application security as it is becoming considerably more difficult to secure software. Applications are now using innumerable libraries and frameworks as they are packed with more features and functions. Rapidly scanning all of these for security testing would be virtually impossible without automation.
The increasing complexity of APIs, too, poses similarly extreme challenges. The exponentially growing complication of their structures and communication processes requires the efficiency of automated systems. “Gone are the days where cybersecurity for applications can mimic hard candy – a protective outer shell that surrounds the inner portion. Applications need not just a wall around the application as a whole, but security perimeters to protect individual workloads. This can make applications trickier to secure, with so many more perimeters to defend from breaches and malicious activity,” says Cisco’s TechBits Academy.
Additionally, the migration to cloud and hybrid environments is creating more security testing complexities, especially in terms of visibility. Working with these environments requires more extensive capabilities to ensure security visibility. “The steady corporate shift to the cloud, data traversing ‘hostile territory’ and the proliferation of networked devices are creating a growing list of data security challenges,” says Ann Thryft, Industrial Control And Automation Designline Editor at EE Times.
Moreover, the growing adoption of new software strategies like Agile and DevOps creates new requirements and greater security urgency. Traditionally, organizations wait for security testing to be completed before they deploy their software. Under Agile and DevOps, deployment takes place in just a matter of weeks. Security testing needs to be expedited without compromising on thoroughness.
The Reliability of Cybersecurity Automation
Is automated cybersecurity reliable? The success of existing security testing systems that employ automation proves that automation works and has more than decent reliability to boot. However, full automation may not be that near, and may not arrive even within the decade that the study cited earlier suggests.
As Modded Editor-in-Chief Martin Banks wrote for Cyber Security Magazine, there are many benefits of automation, but there are also limits and concerns. It enables faster responses to cyber threats and overall greater efficiency. However, no automated system guarantees foolproof operation. The leading automated security testing solutions at present rely on both automation and human security experts.
The best setup at present would be a combination of human and automated solutions. Automation can be used in specific areas like cyber threat intelligence gathering, the aggregation of the latest attack information, and the sorting of notifications to make sure that the most urgent alerts get attention and are not pushed to the bottom of the alert queue by the overwhelming number of new vulnerabilities and security incidents detected.
Also worth noting, the emergence of collaborative efforts among security professionals and organizations is something automation cannot supplant for now. The MITRE ATT&CK framework, for example, is integrated into many of the leading continuous automated security testing platforms to take advantage of the latest authoritative cyber threat intelligence and insights worldwide.
Moreover, automation can play a critical role in monitoring and performance measurement to ensure properly working security controls and the prompt implementation of corrections, reconfigurations, or replacements whenever necessary.
Not all automated systems are created equal, though. Some vendors tend to overuse or misuse the words “automation” and “artificial intelligence” without necessarily delivering the actual benefits. It is important to choose only reputable and proven automated security testing platforms.
Automation: Crucial Aid, Not Replacement
For now, human security experts are still irreplaceable when addressing vulnerabilities considered to be more nebulous or unpredictable. These include business logic bypasses, attack chains involving multiple vulnerabilities, as well as race conditions. It would take more time before AI can properly handle these cyber threats.
As an annual (2020) penetration testing survey reveals, efficient security testing needs automation, but humans are also essential. The survey says that a large majority of pen testing engagements deal with misconfigurations, cross-site scripting, and authentication issues, all of which are decently handled by automated security testing.
“Automated analysis tools excel at finding certain types of vulnerabilities–from cross-site scripting flaws to SQL injection and from misconfigured security headers to remote-file inclusion–but humans continue to be necessary to evaluate the severity of such flaws,” writes veteran tech journalist Robert Lemos, as he scrutinizes the details of the penetration testing study.
Automation in cybersecurity does not necessarily mean the abandonment of human inputs and roles. It is not a zero-sum game where a gain for one means a loss for the other, leading to the eventual elimination of one of the parties. What is clear is that automation helps humans keep up with the growing requirements of security testing amid the increasing complexity of software systems and environments, as well as the overwhelming sophistication and volume of cyberattacks.