Maintaining and managing IT security is critical for any organization, but how much of the time spent on it is well spent, and how much is lost to inefficient processes? According to recent research by LogRhythm, over a third of IT decision makers said their teams are spending at least three hours a day performing tasks that could be handled by better, more efficient software.
What’s more, a majority of respondents felt that cybersecurity professionals waste as much as 10 hours per week due to missing features and capabilities in their software. Unsurprisingly, the survey concluded that these inefficiencies are hampering organizations’ ability to detect and respond quickly to cyber threats.
Why the waste?
While the research does not name the specific challenges encountered by IT teams in their security management and incident response processes, the sheer complexity of modern enterprises’ networks and security estates is highly likely to be a key contributing factor.
IT and security teams are often managing a plethora of different firewalls, from traditional through to next-generation and from multiple vendors, as well as a range of cloud security controls (AWS, Azure, etc.), without a holistic, single-pane-of-glass view of their entire security estate. This means that getting a complete picture of the organization’s current security posture is time- and resource-intensive, as staff must manually collate data from a variety of management consoles.
This fragmented approach also wastes time when trying to make security changes. Security staff not only have to create and roll out policies that support the various languages of the different vendor security products, but also ensure that the policies do not disrupt any critical application traffic flows. Furthermore, they must constantly check that rules and policies have been applied consistently across the entire infrastructure. This ultimately results in skilled staff spending too much valuable time simply ‘keeping the lights on’.
What’s more, making security policy changes manually across multiple firewall management consoles is prone to error, which can cause inadvertent outages and gaps in the security perimeter. These incorrect configurations must then be investigated, identified and put right, draining yet more precious time. Documenting the reality of the security policy configurations is another area that takes up considerable time, yet it is essential for auditing and maintaining compliance.
So what can be done to give IT and security teams back more time to focus on what is most important?
Making up for lost time
Automating security policy management helps to eliminate the risks of manual configuration mistakes that can introduce security holes or cause application outages. This automation dramatically streamlines many of the routine, day-to-day tasks that security and IT teams perform, helping to free up their resources to focus on more strategic initiatives, such as supporting the introduction of new applications and services.
As automation solutions also self-document network topologies, configurations, security policies and more, audit and compliance reporting becomes far faster, easier and more accurate.
One step beyond – integration with SIEM
With a security policy automation solution in place, enterprises can further improve the speed and efficiency of their incident response processes through integration with Security Information and Event Management (SIEM) software.
SIEM solutions collect alerts and logs from a broad range of security sensors, but then lack the ability to sift through and prioritize these security events within the context of how they might impact the business. Automation solutions that work hand-in-hand with SIEM solutions can enrich this technical data with visibility and information about the business applications impacted, enabling you to tie incidents to critical business applications.
With the growing sophistication and frequency of threats making work increasingly difficult for IT and security teams, it’s time for organizations to adopt automation, so they can dedicate more time to improving their overall cybersecurity posture.