Why IT Security Must Become More Automated
The Case for IT Automation
There was a time when manual security and manual IT tasks were workable. But that day passed a long time ago. Yet many in IT and security find themselves still trawling through logs, conducting manual triage of security events, or burdened by grunt work.
That’s why areas such as machine learning, Artificial Intelligence (AI), Security Information and Event Management (SIEM), and threat intelligence are so popular of late. They promise to bring a greater degree of automation to IT. And they give security personnel hope that their days of manual drudgery may be coming to an end.
But automation in IT and security has a long way to go. IT staff are still overworked, often having to work evenings and weekends with no end in sight. A 2019 survey from the Ponemon Institute found that 73% of organizations said they were experiencing burnout due to an increasing workload that made working in a security operations center (SOC) painful. Most respondents to the survey at that time felt that automation of workflows would be the most beneficial measure to alleviate the pain.
Two years on, the situation in IT and security is little changed. Yes, there is more automation. But also, the sheer volume of work placed upon fewer shoulders, coupled with the rise of malware and ransomware, means that the implementation of automation has done little more than prevent the manual work burden from increasing.
Automation needs to be stepped up markedly in order to make real progress, alleviate workloads, and prevent burnout.
Automating Patch Management
Let’s take a look at one area where automation has made real progress – patch management.
Patch management is one of those simple basics that, if properly used, could drastically reduce the likelihood of a cyberattack. Yet it is applied sloppily in too many enterprises.
Just about all users have seen automatic Windows updates. You leave your system online and updates are implemented automatically. That same level of automation can be applied across the enterprise to patches from a large number of vendors.
With hundreds or even thousands of endpoints to manage, lack of automation can delay the implementation of a critical patch. It saves time if IT does not have to formulate scripts, hop from one screen to another, or manually push out patches to various destinations.
The best patch management solutions provide drag-and-drop features, as well as automation of processes and multistage tasks: for example, automating a sequence such as patching VM guests and rebooting them, then patching their host, and performing a separate reboot. Syxsense operates in this way.
How to Make Patching More Efficient
Beyond the automation of actual patch deployment, there are many other ways to add automation and efficiency to patching processes. Consider just how fast cybercriminals move. When a new point of weakness is discovered, word spreads rapidly around the dark web. There is no time to lose in installing patches. Yet delays in testing and distributing patches are not uncommon.
IT often falls behind in reviewing patches from a great many application providers. Or laborious testing requirements act as a severe bottleneck for patch deployment. The result is weeks and often months before an important patch is ever deployed. Some organizations never seem to get round to it. Patches need to be tested and distributed within a few hours of their release. The turnaround time at Syxsense is three hours.
Another situation that can crop up is rigid automation. The organization works on a first in, first out system for patches. It receives a patch from Vendor X. It takes a certain number of weeks to process, test, and approve Patch A. By the time it is ready to go, Vendor X has released two more patches (B & C).
Oftentimes, Patch C not only addresses the latest bug, it also fixes bugs A & B as well. Yet procedure can dictate that Patch A isn’t implemented for many months while the organizational cogs turn to deploy it, then laboriously approve and deploy Patch B, and finally Patch C.
IT Automation and Patching with Syxsense
Syxsense uses what is known as patch supersedence to avoid such delays. It detects and automatically deploys the most important patch and avoids rolling out Patch A when Patch C is the more comprehensive fix. Additionally, Syxsense lets you easily manage unpatched vulnerabilities with the click of a button.
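The supersedence idea described above can be sketched in a few lines. This is an added example, not Syxsense's code and not part of the original article; the `Patch` fields, the function names, and the sample catalog are assumptions constructed for illustration. It also covers the case the first-in, first-out scenario raises: a newer patch that has not yet passed testing must not retire an older fix.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Patch:
    name: str
    supersedes: tuple = ()  # patches whose fixes this one already includes
    approved: bool = True   # hypothetical flag: tested and cleared for rollout

def superseded_by_approved(patches):
    """Names of patches whose fixes are covered by an approved newer patch."""
    by_name = {p.name: p for p in patches}
    covered = set()
    for p in patches:
        if not p.approved:
            continue  # an untested patch must not retire an older fix
        stack = list(p.supersedes)
        while stack:
            name = stack.pop()
            if name == p.name:
                raise ValueError(f"supersedence cycle through {name}")
            if name in covered:
                continue
            covered.add(name)
            if name in by_name:
                # follow the chain: C covers B, and B covers A
                stack.extend(by_name[name].supersedes)
    return covered

def deployment_plan(patches, installed=()):
    """Approved patches still worth deploying on an endpoint."""
    covered = superseded_by_approved(patches)
    done = set(installed)
    return sorted(p.name for p in patches
                  if p.approved and p.name not in covered and p.name not in done)

if __name__ == "__main__":
    # Constructed catalog mirroring the article's Patch A / B / C scenario.
    catalog = [Patch("A"), Patch("B", ("A",)), Patch("C", ("B",))]
    print(deployment_plan(catalog))  # only the most comprehensive patch
    pending = [Patch("A"), Patch("B", ("A",)), Patch("C", ("B",), approved=False)]
    print(deployment_plan(pending))  # falls back to the newest approved patch
```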
Find yourself a patching solution with built-in efficiency and automation.