Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

What Automation Means For Cybersecurity—And Your Business

This article explains how automation can help turn the right information into action, helping to defend against cyberattacks, mitigate risk, shore up compliance and improve productivity.
Yaki Faitelson
3 min read
Last updated May 3, 2023

 

In the movie Apollo 13, three astronauts returning to Earth are unaware of their perilous reentry. Back in Houston at Mission Control, chief flight director Gene Kranz (played by Ed Harris) comments on the unfortunate events, saying: "Is there anything they can do about it?"

No one dared to speak.

"Then they don't need to know." 

If Kranz was in IT security, he'd probably have a thing or two to say about actionable information and how there's sometimes too little and many times far too much.

In this article, I'll share how automation can help turn the right information into action, helping to defend against cyberattacks, mitigate risk, shore up compliance and improve productivity.

You Can't Unbreach Data

The biggest security risk businesses face is lasting damage, which happens when data is lost or stolen. Worldwide data creation is expected to surpass 180 zettabytes between 2020 and 2025, and today's global shortage of 3.4 million cybersecurity workers means there aren't enough highly skilled employees—making it critical that automation doesn't just move bottlenecks around by introducing new or complex staffing requirements.

Attackers know that you can rebuild your cloud infrastructure or replace a laptop but that you can't "unbreach" data, so they turn your digital assets into a liability and threaten to leak or encrypt them unless you pay. Motivated attackers continue to find new ways to penetrate defenses along a swollen attack surface that's bloated from the pandemic due to more hybrid work, cloud services and remote devices. Some malicious actors have even learned how to turn employees into insider threats—the most dangerous threats of all.

With such a vast and fluid attack surface, there will always be at least one compromised account, employee or system—even if businesses do their best to keep up with patching devices and applications.

Distributed Edge, Centralized Data

As the edges of the attack surface grow, data moves toward massive, centralized cloud data stores and databases.

This trend will likely continue because centralized cloud data stores can help ensure all users, devices and services are connected and available to widespread teams. Without persistent and regular connections, a distributed workforce would be isolated and far less productive.

By centralizing data, we also concentrate most of the risk. If these data stores are well-controlled, we greatly reduce the fallout from any single compromised user or device. We must do our best to keep the edges locked down and monitor any worrisome signals they emit, but it no longer makes sense to allocate scarce resources where the bulk of the risk isn't.

If you don't know which direction an attack will come from, but you do know where it will go and do damage, that's where it makes sense to deploy resources. Logically, many security teams have started to focus more on these centralized data stores, looking toward automation to get a better handle on how these data stores are configured, used and controlled.

Where Automation Can Help

Let's start with basic questions, like "Is important data stored where it should be stored?" and "Are applications configured correctly?"

Automation can help answer these questions, but the answers usually lead to new questions and unforeseen bottlenecks. When sensitive data is discovered, for example, it invites questions about whether it's locked down correctly, how it's used and how long it should remain—assuming it's supposed to be there in the first place. Misconfigurations must be handled safely so they don't impair productivity.

Workflows, projects and jobs change over time, so what is correctly configured today won't be correctly configured six months from now. In highly collaborative environments where users share data without help or oversight from IT, it's reasonable to suspect many mistakes. Users will overshare the wrong data with the wrong people and retain access indefinitely.

How can you choose the right security automation?

  1. Guard what matters. It should go without saying that it's important to focus on where the risk is. This usually means the intersection of critical, sensitive and/or regulated data; a lot of collaboration; and weak controls.
  2. Sample your settings. If you're looking to optimize configurations or lock down your data, consider sampling your environment to get a better idea about how many issues you'll uncover initially, how many issues are introduced over time and whether you can automate the entire outcome—not just finding issues but fixing them.
  3. Sample the signals. If you're considering automation to detect and react to potential threats, make sure your staff is prepared to handle the signal volume and content and that you have the resources to optimize them. No one needs another noisemaker.
  4. Prioritize upstream controls. Automation that blocks risky or malicious activity downstream, at the edges, is easier to manage and more effective when the flow is cleaner. When teams try to block before locking things down and refining their signals, they sometimes impair critical business flows.

Automation should ease your burden, not add to it. If you invest time and effort in security automation, it must deliver outcomes and shouldn't leave you with new work you're not staffed to handle. If you need niche-level expertise to implement automation or act on the information it provides, then the productivity gains need to justify additional staffing costs and the challenges of finding staff with specialized skill sets.

As data grows in volume and value, it's getting harder to protect. Human reinforcements aren't coming fast enough, so automation can keep those massive data stores from going nova.

This article first appeared on Forbes.

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

cloud-applications-put-your-data-at-risk---here's-how-to-regain-control
Cloud Applications Put Your Data At Risk - Here's How To Regain Control
Cloud applications boost productivity and ease collaboration. But when it comes to keeping your organization safe from cyberattacks, they're also a big, growing risk. Your data is in more places...
ai-at-work:-three-steps-to-prepare-and-protect-your-business
AI At Work: Three Steps To Prepare And Protect Your Business
Discover how your business can prepare and protect your sensitive data from the risks that generative AI presents.
your-sales-data-is-mission-critical:-are-you-protecting-it?
Your Sales Data Is Mission-Critical: Are You Protecting It?
If you’re like many executives, you might assume your data is secure within those cloud applications. That’s a dangerous assumption, though. Cloud providers are responsible for everything that delivers their application (e.g., their data center); it’s your responsibility to protect the data inside it.
polyrize-acquisition
Polyrize Acquisition
I’m excited to announce today our agreement to acquire Polyrize, a software company whose team and products are a natural fit as part of the Varonis family. This is the first company Varonis has acquired, and I want to give you some background on the strategic rationale for today’s announcement.