The WannaCry and Petya ransomware outbreaks damaged enterprise networks around the world and struck fear into the hearts of IT and security chiefs everywhere. And for every enterprise, particularly those in the financial sector, it’s not a matter of ‘if’ they will get attacked, it’s ‘when.’

The sheer number of outbreaks and the financial and brand damage they can inflict are putting immense pressure on CIOs and CISOs in financial services and other market sectors to ensure their cyber security policies and procedures are up to date. For some, the opportunity to automate daily IT security management tasks is one that is too good to pass up.

IT chiefs gathered in Sydney recently to discuss how they are automating their cyber security management tasks in this complex global threat environment and the challenges that automation is helping them overcome.

James Sillence, senior manager of systems engineering at Juniper Networks, says that for some time, cyber attacks have been machine-generated and automated.

“If our response to that kind of attack requires human intervention, it becomes inevitable that at some point we will succumb to an attack.
In today’s internet, what’s imperative for a robust cyber security posture is a machine-based, automated response to a machine-based, automated attack,” said Sillence.

Robert Kingma, CEO at ICT Networks, adds that the focus on the automation of security event management and incident response is driven by an ever-increasing volume, velocity and complexity of attacks against networks plus a ‘very real’ lack of affordable skilled security professionals.

“The speed of today’s security environment means that if a human is involved, an event will have moved past [network] security and is now a forensics case,” he said.

“Automation globalises attack identification, machine learning defines defence stances and instantly updates defences,” Kingma added. “Defences are implemented against pre-defined security policies blocking traffic, diverting traffic or perhaps quarantining an infected device. Automation promises to release skilled security professionals from event management and incident response duties to focus on policy development and compliance.”

Ben Lyons, head of information technology at chartered accounting group HLB Mann Judd, says his organisation has invested heavily in reducing the variability of end user devices. A ‘minimalist standard operating environment’ – managed through software deployment tools and analysed using a behavioural profiling platform – has provided some valuable insights.

Lyons says the company expects to automate more security management processes in the future as vendors either include automation or become more open to third-party integration for external management.

“We are already seeing an information overload from the helpdesk, monitoring tools and the various security platforms. Automation is key to ensuring alerts are triaged and where appropriate, action is taken quickly,” he says.
“Our greatest focus is to protect the data at its source by limiting access to a ‘need to know’ basis.”

He adds that the introduction of real-time user and document access analytics and exception reporting by its document management system provider will also identify threats and potentially reduce data misuse.

David Russell, chief technology officer at DirectMoney, says that although the marketplace lender doesn’t currently automate cyber security management tasks, the organisation is looking at automation options to strengthen its DevOps processes, which include security automation.

“One of the goals is to improve the frequency of deployment cycles. Doing so can reduce the risk of each deployment, deliver new features into the market sooner and respond quicker to market insights or production issues,” Russell says.

“Automated scripts are critical in achieving this as they provide rapid feedback at each stage of development and deployment, and reduce the time a feature spends in rework or waiting for manual intervention.

“However, to take full advantage of an automated delivery pipeline, we also need to consider how work is prioritised and resources aligned to minimise bottlenecks and maximise our most effective resources. The combination of deployment automation and process improvement is where we are focusing right now.”

Cloud a ‘wake-up call’

Enterprises of all sizes are moving an increasing number of IT services to third-party cloud providers.
During the luncheon, attendees were asked if the move to cloud has changed their security posture, particularly given that they are now sharing security information with a third party that is serving the needs of many organisations.

Juniper Networks’ Sillence says that for companies that have always had a robust security posture, moving workloads to a cloud service provider is just seen as an extension of their policies.

“The delineation between ‘on-premise and off-premise’ workloads should be indiscernible from a security perspective. On the other hand, for organisations that have relied on relative isolation of their private data centre to protect themselves, the cloud is a wake-up call,” he said.

“This is not because the cloud is inherently less secure but because an organisation’s secure perimeter now extends beyond its four walls and significantly increases their attack surface,” he added.

HLB Mann Judd’s Lyons said: “The days of on-premise ‘security by obscurity’ are well and truly gone. However, due to regular online data breaches, there is still a hesitation for many to move to the cloud.”

But Sillence concluded that although organisations have been reluctant to share security information in the past, attitudes are now changing as some move their services to the cloud.

“As defenders, we are beginning to understand that information sharing is really important in terms of building threat intelligence, and we are seeing more information being exchanged.
However, as developing threat intelligence is only part of the solution, providing the mechanism to consume that intelligence – which can then be applied to your automated event response – is critical.”

A possible answer to the skills gap?

Attendees agreed that security automation will go at least some way to addressing the shortage of people with cyber security skills, at least in the short to medium term.

The ‘detect and remediate’ posture relies on Juniper having security analysts on staff to deal with potential security breaches, said Sillence.

“These personnel are highly trained, expensive and generally a rare breed but organisations often use them to deal with the mundane,” he said. “As the number of incidents increases, the only way to scale this posture is to employ more security analysts, which you probably can’t for budget or scarcity reasons.

“The only logical way to break the impasse is to employ a posture that relies on automation to deal with the noise – 95 per cent of your security incidents – and free up your security team to deal with the things that are really going to hurt you,” Sillence said.

Charlie Yan, head of IT security at BNP Paribas Australia, says the investment bank is having difficulty finding people with the right security skills. The organisation also needs to hire more experienced professionals to train staff so they are familiar with automated processes and tools, he says.

HLB Mann Judd’s Lyons adds that as an SME, the firm is not the natural choice for an aspiring cyber expert to seek employment. It relies on a small internal team complemented by specialist partnerships to fulfil its needs.

“Security automation is critical to achieve efficiency and reduce human error especially when third parties are involved,” he said.