SlideShare a Scribd company logo

Benefits of Semi Automation - Learn Security Analysis A Lot From Football

Download as PPTX, PDF
Siemplify
Siemplify

In the complex corporate security environment, automation is increasingly the “go-to” answer for organizations lost in a sea of alerts, logs and data. But there is a danger in putting too much faith into security automation and orchestration alone. Visit - https://www.siemplify.co/

Technology
1 of 10
Benefits of Semi Automation
Introduction In football, planning every move down to the smallest details is everything. Any coach worth his or her salt has a playbook of strategies and every move, as impulsive as it may seem, has been carefully calculated with perfect “If this, then that” precision, before it ever took place. Yet, although every play has been pre-charted, effective execution relies on the adaptability of players in the moment and a keen understanding of the adjustments
When it comes to the security of corporate data, it’s not all that different from football. In order to be ready for anything that comes your way, all aspects need to be planned and mapped out beforehand, automated with a predetermined course of action – in the vernacular, “IFTTT”. This security playbook is called security automation and it’s an imperative part of keeping all parts of a security operation workflow moving together in precise and accurate motion. Security Playbook
In the complex corporate security environment, automation is increasingly the “go-to” answer for organizations lost in a sea of alerts, logs and data. But there is a danger in putting too much faith into security automation and orchestration alone. Organizations often turn to automation looking for a technological cure-all for their security woes, but while they are very good at what they do (at least theoretically), many security professionals are wary of handing off their most critical processes to a black box that cannot make up for the human intellect element. Automation
Machines are not people and as such, do not waiver from their predetermined playbooks, sometimes to the detriment of the goal at hand – that of keeping corporate data secure. As Gartner security analyst Anton Chuvakin points out. “There is – at this stage of security technology development, at least – GOOD AUTOMATION and EVIL AUTOMATION. Longer term, we will certainly see more automation and more domains of information security (cybersecurity, if you have to) covered by automation, BUT I’d be willing to bet anything that the profession of a security analyst will never be full automated.”1 Technology Development
In Forbes, Courtney Nash writes: “From a security standpoint, automation provides infrastructure security, and makes it auditable. But it doesn’t really increase data/information security (e.g. this file can/cannot live on that server)–those too are human tasks requiring human judgement.” Often, just like football’s receiver has to make a moment’s call and adjust strategies, relying on automation and orchestration alone is too rigid. To be truly useful, orchestration must become far more flexible and include people in those processes. What To Learn From Football
Semi-automation, in which team’s impact processes, creates the opportunity to define and refine the playbook’s rules. Teams know their own organization better than any template ever could, so orchestration needs to be a dynamic, malleable entity to be effective, with people influencing and overseeing the process. Chuvakin also states that: “To mitigate its “evil effects” while preserving the benefits, look at “semi-automated” or assisted mode with human influence in the loop where the automation gathers all the information and then a human makes one simple call with all available data.” Flexibility in Automation
When incorporating flexibility into the automation process, a typical scenario could go something like this: Within Automation
The automated process and human intellect work together to create a dynamic, adaptable security infrastructure. Properly implemented the right balance of man/machine mix help validate the relevancy of alerts – allowing analysts to close/eliminate cases more quickly and make sure analysts only look at cases that actually matter while getting rid of the “noise”. Because maintaining varying degrees of flexibility is in part dependent on the ability to navigate effectively across the security infrastructure, teams need tight integration with other security tools – the tighter the integration of all tools from end to end, the greater the ability to traverse between automation and human investigation. The Automated Process
Finding the perfect balance between human intellect and predetermined moves is a bit of an art form, just like in football. Flexibility within automation, with the input of those people who know their processes best, is the key to complete security. Conclusion

Recommended

How To Select Security Orchestration Vendor
How To Select Security Orchestration VendorHow To Select Security Orchestration Vendor
How To Select Security Orchestration VendorSiemplify
 
MSSP - Security Orchestration & Automation
MSSP - Security Orchestration & AutomationMSSP - Security Orchestration & Automation
MSSP - Security Orchestration & AutomationSiemplify
 
MSSP Security Orchestration Shopping List
MSSP Security Orchestration Shopping ListMSSP Security Orchestration Shopping List
MSSP Security Orchestration Shopping ListSiemplify
 
Security Orchestration, Automation & Incident Response
Security Orchestration, Automation & Incident ResponseSecurity Orchestration, Automation & Incident Response
Security Orchestration, Automation & Incident ResponseSiemplify
 
Need of SIEM when You have SOAR
Need of SIEM when You have SOARNeed of SIEM when You have SOAR
Need of SIEM when You have SOARSiemplify
 
Introducing Siemplify V4.25 - Security Orchestration, Automation And Response...
Introducing Siemplify V4.25 - Security Orchestration, Automation And Response...Introducing Siemplify V4.25 - Security Orchestration, Automation And Response...
Introducing Siemplify V4.25 - Security Orchestration, Automation And Response...Siemplify
 
Need Of Security Operations Over SIEM
Need Of Security Operations Over SIEMNeed Of Security Operations Over SIEM
Need Of Security Operations Over SIEMSiemplify
 
What is Security Orchestration?
What is Security Orchestration?What is Security Orchestration?
What is Security Orchestration?Siemplify
 

Recommended

How To Select Security Orchestration Vendor
How To Select Security Orchestration VendorHow To Select Security Orchestration Vendor
How To Select Security Orchestration VendorSiemplify
 
MSSP - Security Orchestration & Automation
MSSP - Security Orchestration & AutomationMSSP - Security Orchestration & Automation
MSSP - Security Orchestration & AutomationSiemplify
 
MSSP Security Orchestration Shopping List
MSSP Security Orchestration Shopping ListMSSP Security Orchestration Shopping List
MSSP Security Orchestration Shopping ListSiemplify
 
Security Orchestration, Automation & Incident Response
Security Orchestration, Automation & Incident ResponseSecurity Orchestration, Automation & Incident Response
Security Orchestration, Automation & Incident ResponseSiemplify
 
Need of SIEM when You have SOAR
Need of SIEM when You have SOARNeed of SIEM when You have SOAR
Need of SIEM when You have SOARSiemplify
 
Introducing Siemplify V4.25 - Security Orchestration, Automation And Response...
Introducing Siemplify V4.25 - Security Orchestration, Automation And Response...Introducing Siemplify V4.25 - Security Orchestration, Automation And Response...
Introducing Siemplify V4.25 - Security Orchestration, Automation And Response...Siemplify
 
Need Of Security Operations Over SIEM
Need Of Security Operations Over SIEMNeed Of Security Operations Over SIEM
Need Of Security Operations Over SIEMSiemplify
 
What is Security Orchestration?
What is Security Orchestration?What is Security Orchestration?
What is Security Orchestration?Siemplify
 
Transform Your Security Operations with Security Automation and Orchestration
Transform Your Security Operations with Security Automation and OrchestrationTransform Your Security Operations with Security Automation and Orchestration
Transform Your Security Operations with Security Automation and OrchestrationEnterprise Management Associates
 
CyberSecurity Strategy For Defendable ROI
CyberSecurity Strategy For Defendable ROICyberSecurity Strategy For Defendable ROI
CyberSecurity Strategy For Defendable ROISiemplify
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
Security Orchestration Made Simple
Security Orchestration Made SimpleSecurity Orchestration Made Simple
Security Orchestration Made SimpleSiemplify
 
Accelerite Sentient Executive Briefing
Accelerite Sentient Executive BriefingAccelerite Sentient Executive Briefing
Accelerite Sentient Executive BriefingAccelerite
 
Identifying Effective Endpoint Detection and Response Platforms (EDRP)
Identifying Effective Endpoint Detection and Response Platforms (EDRP)Identifying Effective Endpoint Detection and Response Platforms (EDRP)
Identifying Effective Endpoint Detection and Response Platforms (EDRP)Enterprise Management Associates
 
Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...
Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...
Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...Chris Ross
 
Top 10 Questions to Ask Your Vulnerability Management Provider
Top 10 Questions to Ask Your Vulnerability Management ProviderTop 10 Questions to Ask Your Vulnerability Management Provider
Top 10 Questions to Ask Your Vulnerability Management ProviderTawnia Beckwith
 
10 Tips to Improve Your Security Incident Readiness and Reponse
10 Tips to Improve Your Security Incident Readiness and Reponse10 Tips to Improve Your Security Incident Readiness and Reponse
10 Tips to Improve Your Security Incident Readiness and ReponseEMC
 
Top 10 SIEM Best Practices, SANS Ask the Expert
Top 10 SIEM Best Practices, SANS Ask the ExpertTop 10 SIEM Best Practices, SANS Ask the Expert
Top 10 SIEM Best Practices, SANS Ask the ExpertAccelOps
 
7 Experts on Implementing Microsoft Defender for Endpoint
7 Experts on Implementing Microsoft Defender for Endpoint7 Experts on Implementing Microsoft Defender for Endpoint
7 Experts on Implementing Microsoft Defender for EndpointMighty Guides, Inc.
 
8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm8 Reasons to Choose Logrhythm
8 Reasons to Choose LogrhythmLogRhythm
 
Weathering the Storm of IT Security Compliance
Weathering the Storm of IT Security ComplianceWeathering the Storm of IT Security Compliance
Weathering the Storm of IT Security ComplianceCondition Zebra (CONZebra)
 
Security Orchestration and Automation with Hexadite+
Security Orchestration and Automation with Hexadite+Security Orchestration and Automation with Hexadite+
Security Orchestration and Automation with Hexadite+Nathan Burke
 
Threat Life Cycle Management
Threat Life Cycle ManagementThreat Life Cycle Management
Threat Life Cycle ManagementFujitsu Middle East
 
Security Operations Strategies
Security Operations Strategies Security Operations Strategies
Security Operations Strategies Siemplify
 
CO$T BENEFIT OF MSSP
CO$T BENEFIT OF MSSPCO$T BENEFIT OF MSSP
CO$T BENEFIT OF MSSPAlex Himmelberg
 
Overview
OverviewOverview
OverviewNathan Burke
 
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementAnton Chuvakin
 
ASPEN - NEXT GENERATION SIEM
ASPEN - NEXT GENERATION SIEMASPEN - NEXT GENERATION SIEM
ASPEN - NEXT GENERATION SIEMFlorin Hoinarescu
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructureAnton Chuvakin
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber securitySandip Juthani
 

More Related Content

What's hot

Transform Your Security Operations with Security Automation and Orchestration
Transform Your Security Operations with Security Automation and OrchestrationTransform Your Security Operations with Security Automation and Orchestration
Transform Your Security Operations with Security Automation and OrchestrationEnterprise Management Associates
 
CyberSecurity Strategy For Defendable ROI
CyberSecurity Strategy For Defendable ROICyberSecurity Strategy For Defendable ROI
CyberSecurity Strategy For Defendable ROISiemplify
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
Security Orchestration Made Simple
Security Orchestration Made SimpleSecurity Orchestration Made Simple
Security Orchestration Made SimpleSiemplify
 
Accelerite Sentient Executive Briefing
Accelerite Sentient Executive BriefingAccelerite Sentient Executive Briefing
Accelerite Sentient Executive BriefingAccelerite
 
Identifying Effective Endpoint Detection and Response Platforms (EDRP)
Identifying Effective Endpoint Detection and Response Platforms (EDRP)Identifying Effective Endpoint Detection and Response Platforms (EDRP)
Identifying Effective Endpoint Detection and Response Platforms (EDRP)Enterprise Management Associates
 
Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...
Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...
Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...Chris Ross
 
Top 10 Questions to Ask Your Vulnerability Management Provider
Top 10 Questions to Ask Your Vulnerability Management ProviderTop 10 Questions to Ask Your Vulnerability Management Provider
Top 10 Questions to Ask Your Vulnerability Management ProviderTawnia Beckwith
 
10 Tips to Improve Your Security Incident Readiness and Reponse
10 Tips to Improve Your Security Incident Readiness and Reponse10 Tips to Improve Your Security Incident Readiness and Reponse
10 Tips to Improve Your Security Incident Readiness and ReponseEMC
 
Top 10 SIEM Best Practices, SANS Ask the Expert
Top 10 SIEM Best Practices, SANS Ask the ExpertTop 10 SIEM Best Practices, SANS Ask the Expert
Top 10 SIEM Best Practices, SANS Ask the ExpertAccelOps
 
7 Experts on Implementing Microsoft Defender for Endpoint
7 Experts on Implementing Microsoft Defender for Endpoint7 Experts on Implementing Microsoft Defender for Endpoint
7 Experts on Implementing Microsoft Defender for EndpointMighty Guides, Inc.
 
8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm8 Reasons to Choose Logrhythm
8 Reasons to Choose LogrhythmLogRhythm
 
Weathering the Storm of IT Security Compliance
Weathering the Storm of IT Security ComplianceWeathering the Storm of IT Security Compliance
Weathering the Storm of IT Security ComplianceCondition Zebra (CONZebra)
 
Security Orchestration and Automation with Hexadite+
Security Orchestration and Automation with Hexadite+Security Orchestration and Automation with Hexadite+
Security Orchestration and Automation with Hexadite+Nathan Burke
 
Security Operations Strategies
Security Operations Strategies Security Operations Strategies
Security Operations Strategies Siemplify
 
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementAnton Chuvakin
 
ASPEN - NEXT GENERATION SIEM
ASPEN - NEXT GENERATION SIEMASPEN - NEXT GENERATION SIEM
ASPEN - NEXT GENERATION SIEMFlorin Hoinarescu
 

What's hot (20)

Transform Your Security Operations with Security Automation and Orchestration
Transform Your Security Operations with Security Automation and OrchestrationTransform Your Security Operations with Security Automation and Orchestration
Transform Your Security Operations with Security Automation and Orchestration
 
CyberSecurity Strategy For Defendable ROI
CyberSecurity Strategy For Defendable ROICyberSecurity Strategy For Defendable ROI
CyberSecurity Strategy For Defendable ROI
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOAR
 
Security Orchestration Made Simple
Security Orchestration Made SimpleSecurity Orchestration Made Simple
Security Orchestration Made Simple
 
Accelerite Sentient Executive Briefing
Accelerite Sentient Executive BriefingAccelerite Sentient Executive Briefing
Accelerite Sentient Executive Briefing
 
Identifying Effective Endpoint Detection and Response Platforms (EDRP)
Identifying Effective Endpoint Detection and Response Platforms (EDRP)Identifying Effective Endpoint Detection and Response Platforms (EDRP)
Identifying Effective Endpoint Detection and Response Platforms (EDRP)
 
Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...
Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...
Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...
 
Top 10 Questions to Ask Your Vulnerability Management Provider
Top 10 Questions to Ask Your Vulnerability Management ProviderTop 10 Questions to Ask Your Vulnerability Management Provider
Top 10 Questions to Ask Your Vulnerability Management Provider
 
10 Tips to Improve Your Security Incident Readiness and Reponse
10 Tips to Improve Your Security Incident Readiness and Reponse10 Tips to Improve Your Security Incident Readiness and Reponse
10 Tips to Improve Your Security Incident Readiness and Reponse
 
Top 10 SIEM Best Practices, SANS Ask the Expert
Top 10 SIEM Best Practices, SANS Ask the ExpertTop 10 SIEM Best Practices, SANS Ask the Expert
Top 10 SIEM Best Practices, SANS Ask the Expert
 
7 Experts on Implementing Microsoft Defender for Endpoint
7 Experts on Implementing Microsoft Defender for Endpoint7 Experts on Implementing Microsoft Defender for Endpoint
7 Experts on Implementing Microsoft Defender for Endpoint
 
8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm
 
Weathering the Storm of IT Security Compliance
Weathering the Storm of IT Security ComplianceWeathering the Storm of IT Security Compliance
Weathering the Storm of IT Security Compliance
 
Security Orchestration and Automation with Hexadite+
Security Orchestration and Automation with Hexadite+Security Orchestration and Automation with Hexadite+
Security Orchestration and Automation with Hexadite+
 
Threat Life Cycle Management
Threat Life Cycle ManagementThreat Life Cycle Management
Threat Life Cycle Management
 
Security Operations Strategies
Security Operations Strategies Security Operations Strategies
Security Operations Strategies
 
CO$T BENEFIT OF MSSP
CO$T BENEFIT OF MSSPCO$T BENEFIT OF MSSP
CO$T BENEFIT OF MSSP
 
Overview
OverviewOverview
Overview
 
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability Management
 
ASPEN - NEXT GENERATION SIEM
ASPEN - NEXT GENERATION SIEMASPEN - NEXT GENERATION SIEM
ASPEN - NEXT GENERATION SIEM
 

Similar to Benefits of Semi Automation - Learn Security Analysis A Lot From Football

Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructureAnton Chuvakin
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber securitySandip Juthani
 
Real-time fallacy: how real-time your security really is?
Real-time fallacy: how real-time your security really is?Real-time fallacy: how real-time your security really is?
Real-time fallacy: how real-time your security really is?Anton Chuvakin
 
Should You Be Automating
Should You Be AutomatingShould You Be Automating
Should You Be AutomatingSiemplify
 
Advice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT CybersecurityAdvice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT CybersecurityMighty Guides, Inc.
 
The Fundamentals and Significance of Security Orchestration Tools
The Fundamentals and Significance of Security Orchestration ToolsThe Fundamentals and Significance of Security Orchestration Tools
The Fundamentals and Significance of Security Orchestration Toolssecuraa
 
Security automation system
Security automation systemSecurity automation system
Security automation systemSiemplify
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine LearningSiemplify
 
Data security in practice
Data security in practiceData security in practice
Data security in practiceAndres Kütt
 
Automation of Information (Cyber) Security by Joe Hessmiller
Automation of Information (Cyber) Security by Joe HessmillerAutomation of Information (Cyber) Security by Joe Hessmiller
Automation of Information (Cyber) Security by Joe HessmillerJoe Hessmiller
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxAmrMousa51
 
A Trusted Integrity verification Architecture for Commodity Computers
A Trusted Integrity verification Architecture for Commodity ComputersA Trusted Integrity verification Architecture for Commodity Computers
A Trusted Integrity verification Architecture for Commodity ComputersEditor IJCATR
 
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Elasticsearch
 
Operar con alertas, dashboards customizados y cronología
Operar con alertas, dashboards customizados y cronologíaOperar con alertas, dashboards customizados y cronología
Operar con alertas, dashboards customizados y cronologíaElasticsearch
 
Automation of Information (Cyber) Security
Automation of Information (Cyber) SecurityAutomation of Information (Cyber) Security
Automation of Information (Cyber) SecurityComputer Aid, Inc
 
Comprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationComprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationJoe Hessmiller
 
Automated incident response
Automated incident responseAutomated incident response
Automated incident responseSiemplify
 
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...Mighty Guides, Inc.
 
Use Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyUse Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyJonathanPritchard12
 
Smart manufacturing is a Journey !
Smart manufacturing is a Journey !Smart manufacturing is a Journey !
Smart manufacturing is a Journey !softconsystem
 

Similar to Benefits of Semi Automation - Learn Security Analysis A Lot From Football (20)

Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructure
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber security
 
Real-time fallacy: how real-time your security really is?
Real-time fallacy: how real-time your security really is?Real-time fallacy: how real-time your security really is?
Real-time fallacy: how real-time your security really is?
 
Should You Be Automating
Should You Be AutomatingShould You Be Automating
Should You Be Automating
 
Advice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT CybersecurityAdvice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT Cybersecurity
 
The Fundamentals and Significance of Security Orchestration Tools
The Fundamentals and Significance of Security Orchestration ToolsThe Fundamentals and Significance of Security Orchestration Tools
The Fundamentals and Significance of Security Orchestration Tools
 
Security automation system
Security automation systemSecurity automation system
Security automation system
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine Learning
 
Data security in practice
Data security in practiceData security in practice
Data security in practice
 
Automation of Information (Cyber) Security by Joe Hessmiller
Automation of Information (Cyber) Security by Joe HessmillerAutomation of Information (Cyber) Security by Joe Hessmiller
Automation of Information (Cyber) Security by Joe Hessmiller
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptx
 
A Trusted Integrity verification Architecture for Commodity Computers
A Trusted Integrity verification Architecture for Commodity ComputersA Trusted Integrity verification Architecture for Commodity Computers
A Trusted Integrity verification Architecture for Commodity Computers
 
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
 
Operar con alertas, dashboards customizados y cronología
Operar con alertas, dashboards customizados y cronologíaOperar con alertas, dashboards customizados y cronología
Operar con alertas, dashboards customizados y cronología
 
Automation of Information (Cyber) Security
Automation of Information (Cyber) SecurityAutomation of Information (Cyber) Security
Automation of Information (Cyber) Security
 
Comprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organizationComprehensive risk management for a cyber secure organization
Comprehensive risk management for a cyber secure organization
 
Automated incident response
Automated incident responseAutomated incident response
Automated incident response
 
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
 
Use Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyUse Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiency
 
Smart manufacturing is a Journey !
Smart manufacturing is a Journey !Smart manufacturing is a Journey !
Smart manufacturing is a Journey !
 

More from Siemplify

Petya Ransomware
Petya RansomwarePetya Ransomware
Petya RansomwareSiemplify
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations CenterSiemplify
 
Cyber Security & Cyber Security Threats
Cyber Security & Cyber Security ThreatsCyber Security & Cyber Security Threats
Cyber Security & Cyber Security ThreatsSiemplify
 
Incident Response Test
Incident Response TestIncident Response Test
Incident Response TestSiemplify
 
CyberSecurity Automation
CyberSecurity AutomationCyberSecurity Automation
CyberSecurity AutomationSiemplify
 

More from Siemplify (6)

Petya Ransomware
Petya RansomwarePetya Ransomware
Petya Ransomware
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations Center
 
Cyber Security & Cyber Security Threats
Cyber Security & Cyber Security ThreatsCyber Security & Cyber Security Threats
Cyber Security & Cyber Security Threats
 
Incident Response Test
Incident Response TestIncident Response Test
Incident Response Test
 
CyberSecurity Automation
CyberSecurity AutomationCyberSecurity Automation
CyberSecurity Automation
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 

Benefits of Semi Automation - Learn Security Analysis A Lot From Football

  • 2. Introduction In football, planning every move down to the smallest details is everything. Any coach worth his or her salt has a playbook of strategies and every move, as impulsive as it may seem, has been carefully calculated with perfect “If this, then that” precision, before it ever took place. Yet, although every play has been pre-charted, effective execution relies on the adaptability of players in the moment and a keen understanding of the adjustments
  • 3. When it comes to the security of corporate data, it’s not all that different from football. In order to be ready for anything that comes your way, all aspects need to be planned and mapped out beforehand, automated with a predetermined course of action – in the vernacular, “IFTTT”. This security playbook is called security automation and it’s an imperative part of keeping all parts of a security operation workflow moving together in precise and accurate motion. Security Playbook
  • 4. In the complex corporate security environment, automation is increasingly the “go-to” answer for organizations lost in a sea of alerts, logs and data. But there is a danger in putting too much faith into security automation and orchestration alone. Organizations often turn to automation looking for a technological cure-all for their security woes, but while they are very good at what they do (at least theoretically), many security professionals are wary of handing off their most critical processes to a black box that cannot make up for the human intellect element. Automation
  • 5. Machines are not people and as such, do not waiver from their predetermined playbooks, sometimes to the detriment of the goal at hand – that of keeping corporate data secure. As Gartner security analyst Anton Chuvakin points out. “There is – at this stage of security technology development, at least – GOOD AUTOMATION and EVIL AUTOMATION. Longer term, we will certainly see more automation and more domains of information security (cybersecurity, if you have to) covered by automation, BUT I’d be willing to bet anything that the profession of a security analyst will never be full automated.”1 Technology Development
  • 6. In Forbes, Courtney Nash writes: “From a security standpoint, automation provides infrastructure security, and makes it auditable. But it doesn’t really increase data/information security (e.g. this file can/cannot live on that server)–those too are human tasks requiring human judgement.” Often, just like football’s receiver has to make a moment’s call and adjust strategies, relying on automation and orchestration alone is too rigid. To be truly useful, orchestration must become far more flexible and include people in those processes. What To Learn From Football
  • 7. Semi-automation, in which team’s impact processes, creates the opportunity to define and refine the playbook’s rules. Teams know their own organization better than any template ever could, so orchestration needs to be a dynamic, malleable entity to be effective, with people influencing and overseeing the process. Chuvakin also states that: “To mitigate its “evil effects” while preserving the benefits, look at “semi-automated” or assisted mode with human influence in the loop where the automation gathers all the information and then a human makes one simple call with all available data.” Flexibility in Automation
  • 8. When incorporating flexibility into the automation process, a typical scenario could go something like this: Within Automation
  • 9. The automated process and human intellect work together to create a dynamic, adaptable security infrastructure. Properly implemented the right balance of man/machine mix help validate the relevancy of alerts – allowing analysts to close/eliminate cases more quickly and make sure analysts only look at cases that actually matter while getting rid of the “noise”. Because maintaining varying degrees of flexibility is in part dependent on the ability to navigate effectively across the security infrastructure, teams need tight integration with other security tools – the tighter the integration of all tools from end to end, the greater the ability to traverse between automation and human investigation. The Automated Process
  • 10. Finding the perfect balance between human intellect and predetermined moves is a bit of an art form, just like in football. Flexibility within automation, with the input of those people who know their processes best, is the key to complete security. Conclusion