Three areas to focus on when rolling out security automation
Trend Micro's Jamie Slater on what to prioritise and why
Security automation is becoming essential for businesses of all types, particularly when incidents are overwhelming the security team, when 365x24x7 protection needs to be provided to assets and when seeking to cut costs and/or enhance legacy security systems.
There are four main challenges facing IT and security teams today, said Jamie Slater, security engineer at Trend Micro, during Computing's DeskFlix: Cloud Automation event in September.
There is the volume of modern cyber attacks and the spread of data in the public cloud; there's a lack of skilled security professionals; there's the need to create standard and predictable services with security built in from the start; and there's the requirement to comply with increasingly strict regulations.
So given these imperatives, where should organisations concentrate their security automation efforts? There are three key areas when automating IT security, Slater said.
The first is around asset creation. "As you're adding new things to your business you want to deploy security by design," he said. This includes striving for templated deployments and ensuring visibility of all deployed assets.
The second requirement is automated security monitoring, including automated log collection and centralised correlation of logs and monitoring.
"That's all focused on gathering those logs, centralising that, getting rid of the siloed data, understanding what your security profile is like, what the attack surface is, and where you've got risks within the business, but also prioritising those alerts so you can see if you've got high severity CVEs, or applications with missing security control, or if someone's configured an S3 bucket and changed its settings so it's now public."
Automation is the best way to obtain this actionable intelligence, he added.
The third area of focus should be compliance, monitoring for service misconfigurations and best practice, observing deviations from compliance standards and monitoring the entire lifecycle of assets.
"Using cloud security automation is similar to protecting your house. It's the difference between waking in the morning to find you've been burgled, versus the police giving you a call to say they detained a burglar outside your house," said Slater.