When thinking about automation in our workplace IT networks, it is easy to get carried away and conjure up sinister Blade Runner-style robots who work in place of humans, slowly replacing us one by one.
The idea of SOC analyst bots that can plug directly into the network and detect anomalies almost instantaneously is a cool thought, but it is probably much further off than the automation that is currently available or on the near horizon.
Instead, the automation that is bringing efficiency, faster response times and better security is replacing manual workflows. This automation is sometimes paired with some form of algorithm, often referred to as AI (artificial intelligence).
For some, automation has already touched their networks by use of simple repeated scripts. For others, automation has created entire hands-off operational workflows, such as incident response playbooks.
In either scenario, and anything in between, here are five areas of your network which could benefit from automation that you may not have considered.
1. Email and Web Security
Some may consider this to be a slightly stale area of IT, which hasn’t seen much improvement in recent years.
Well… they are wrong.
When I started working in the email and web security space, URLs and domains were categorised by humans. Those lists formed blacklists which would then be updated on email and web security solutions periodically. Of course, this meant any newly registered domains were uncategorised and open to abuse.
Today, automated systems categorise hundreds, if not thousands, of domains and websites daily, reducing the need for human investigation. Such solutions can now even include domain tests (e.g. do they have proper DNS records?) which help to determine trustworthiness.
2. File Transfer and Script Execution
Probably one of my favourite areas of automation is the ability to tie operational workflows together.
This is something I have had the pleasure of working on across many industries, from retail to banking to healthcare. We all need to move files, manipulate them and interact with other systems as a result. Doing this by hand is not only inefficient, but as the workflow becomes more critical, it is likely to become too slow for its purpose.
Automation solutions have the ability to connect to almost any repository of files, whether that be a connector with a third-party supplier or a cloud-based storage account. They can move, change and even read those files for further interactions.
In my time, I have seen some fantastic examples of entire international procurement chains being automated and completed within minutes.
3. Network Security Response
There are a number of solutions which can fit into the space of network security, and many of them now include automated capabilities.
Take, for example, the humble firewall – now a staple of any modern network. Can you imagine not having one?
Outside of the core functionality of restricting port access, many firewalls can dynamically close ports and other connectivity streams based on the patterns of traffic they are witnessing.
For example, should a firewall see more than 10 failed connections on SSH port 22 within two minutes, it closes all SSH ports for 1 hour. The firewall would continue to increase the lockout period for as long as the behaviour continues.
It may sound disruptive, but of course the aim is to reduce potential attacks.
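The lockout rule described above, sketched in Python as an added example (not code from the original post or from any firewall product): a sliding-window counter that closes port 22 after more than 10 failures in two minutes. The doubling factor, the 24-hour reset and all names are assumptions; the post only says the lockout period increases.

```python
from collections import deque

THRESHOLD = 10        # page: "more than 10 failed connections"
WINDOW = 120          # page: "within two minutes" (seconds)
BASE_LOCKOUT = 3600   # page: "for 1 hour" (seconds)
ESCALATION = 2        # assumption: each repeat trigger doubles the lockout
QUIET_RESET = 86400   # assumption: 24 h without a trigger resets escalation


class SshLockout:
    """Global lockout state for port 22, as the page describes it."""

    def __init__(self):
        self.failures = deque()  # timestamps of failures inside the window
        self.locked_until = 0
        self.strikes = 0         # consecutive triggers, drives escalation

    def is_open(self, now):
        return now >= self.locked_until

    def record_failure(self, now):
        """Feed one failed connection; return lockout seconds applied, else 0."""
        if not self.is_open(now):
            return 0  # port already closed: packet dropped, nothing to count
        if self.strikes and now - self.locked_until >= QUIET_RESET:
            self.strikes = 0  # behaviour stopped long enough, start over
        self.failures.append(now)
        # Slide the window: discard failures older than WINDOW seconds.
        while self.failures and now - self.failures[0] >= WINDOW:
            self.failures.popleft()
        if len(self.failures) <= THRESHOLD:  # "more than 10" means 11 or more
            return 0
        duration = BASE_LOCKOUT * ESCALATION ** self.strikes
        self.strikes += 1
        self.locked_until = now + duration
        self.failures.clear()
        return duration


def replay(timestamps):
    """Run constructed failure timestamps through the rule; list (time, lockout)."""
    fw = SshLockout()
    return [(t, d) for t in timestamps if (d := fw.record_failure(t))]


# Constructed sample input (seconds since start), not real traffic:
SLOW = [i * 15 for i in range(20)]                  # one failure every 15 s
BURST = [i * 5 for i in range(11)]                  # 11 failures in 50 s
REPEAT = BURST + [3650 + i * 5 for i in range(11)]  # resumes after lockout ends
```

Replaying SLOW never trips the rule, BURST closes the port for one hour, and REPEAT shows the second lockout lasting two hours.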
4. Incident Response
This is an area of automation which was mentioned earlier in this blog, and it features as one of my favourite areas of potential automation, along with file transfer.
Whether it be a network breach or a loss of sensitive data, it is best practice to have an incident response plan ready to coordinate a response.
For some organisations, these incident response plans or playbooks may be enormous and complicated, with multiple points of action and multiple teams involved. To help with this, an entire industry sector has evolved to take those playbooks and automate them as much as possible – even assigning team members to work on those portions which cannot be automated.
These incident response solutions have become incredibly popular as they speed up response times and ensure that teams stick to the defined response plans.
5. Data Classification
How do you know which data is sensitive and therefore what to protect? It is the age-old question of data security.
The answer has always been some form of data classification, which other solutions around the network can read and take action against. But it was always reliant on humans to classify that data as it was created, leading to mistakes, mis-classification and a gap of unclassified data.
Today, we have automated intelligent classification systems which can open files, read them and decide how they should be classified based on the content. Thus, files can be tracked and protected in a way appropriate to the content that they contain.
Automation Saves Time and Money
Although we are not quite in the age of The Jetsons with robot servants allowing us to live and work in permanent retirement, there are some applications of automation which today can save swathes of time and as a result cut down on expenditure.
There are still IT tasks which require a human touch; however, they are being neglected or rushed because IT teams are stuck working on areas which could be automated. In the time that I have been working with automated systems, I have seen some fantastic examples of ingenuity which combine the best of automation and human-led work. These are examples we can all learn from.
Today might not be a full takeover by the robots, but it is a time when we can improve our networks with a dash of automation.