Bridging the skills gap: Security process automation

This is a guest blog by Jody Brazil, CEO of FireMon

One of the most pressing issues in IT security management today remains the critical shortage of skilled professionals available to address current demands.

For example, an April 2014 study conducted by Frost & Sullivan found demand for 4.25 million security professionals by 2017, with only 2.25 million trained workers worldwide today, a 47 percent shortfall.   

The situation clearly amounts to a significant challenge and this means that today’s enterprises, and truthfully organisations of all sizes, find themselves in the position of needing new methods to get more out of existing IT security teams.

One available solution is the continued maturation of technologies that automate security tasks, freeing up workers to address other responsibilities. In many cases, leveraging automation also proves advantageous in performing widespread, highly repetitive tasks using computer intelligence, allowing humans to focus on jobs that require creative ingenuity.

Network firewall management is one area where automation can maximise staffing resources and greatly improve overall efficiency. These devices, and the policies that dictate their configurations, have often been in place for many years and have become overly complex and inefficient.

This situation also represents one of the most troubling aspects of enterprise security, as the lack of effective review and adaptation of network access often leads to opportunities for malicious attacks and subsequent breach incidents.

Additionally, firewall policies are constantly expanded and revised to support evolving business needs, heightening the issue. As a result of these factors, industry analysts Gartner report that “through 2018, more than 95 percent of [all related] breaches will be caused by firewall misconfigurations, not firewall flaws.”

Automation is also particularly helpful in addressing firewall rules and policy management because the review process involved must be practised continually to prevent the emerging risk exposures driven by ongoing change.

Industry experts such as the National Institute of Standards and Technology (NIST) back this continuous assessment approach in nearly all of their best practices (including the NIST 800-53 and 800-41 frameworks).

This is also an area where computing intelligence is clearly preferable to manual, hands-on methodologies – in a typical enterprise this process involves the ongoing evaluation of tens of thousands of rules distributed across hundreds of firewalls.

Using humans to complete this work is neither a practical nor professionally rewarding approach, as it involves documenting each rule, evaluating it against a policy, and then reviewing this data with relevant business owners, which can take hours… per rule! Doing this effectively using manual processes would require dozens of full-time staffers within a typical enterprise.

It’s also worth noting that leveraging such “process automation” addresses the most significant element of this challenge without putting the network or security at greater potential risk, as could be the case by automating configuration changes without human oversight.

Beyond the opportunity to free up and empower existing staff, automating firewall rules and policy review – along with related risk management tasks – advances other tasks, including mandated compliance audits (such as for PCI DSS).

By using automation tools such as FireMon’s for firewall analysis, policy validation, change reporting, documentation and many other related processes, some organisations have been able to cut compliance audit staffing by over 50 percent.

To address the current security staffing shortage, organisations need to help their existing employees increase productivity and cover more territory until the necessary reserves eventually arrive, if ever.

The best way to accomplish this goal is to give security teams automation, and automating network firewall management is a prime example of how this feat can be realised.