In a recent survey, Radware found that attacks that last only an hour or less are on the rise – and more than half of the three biggest attacks fell into that category. The implications of these findings are clear. It’s likely that very soon, even long attack campaigns will be based on short bursts of traffic – bursts which are difficult, if not impossible, for humans to effectively mitigate.
The issue here is that even the most skilled IT professionals need time to deploy detection technologies and choreograph their responses. Existing solutions often require a heavy degree of manual intervention – which means they’re ill-suited to effectively react to the fast pace of modern attacks. That’s where automation comes in.
Increasingly, startups are coming to market with a wide range of security solutions that automate tasks which traditionally were entirely the realm of security professionals. These include areas such as compliance, vulnerability assessments, information and workplace governance, disaster recovery, IAM, and – perhaps most notably – incident detection and response. Simply put, the cost of employing a security professional coupled with the cost of a delayed response to a critical incident will soon make automation a far more budget-conscious decision.
There are several reasons for this:
- Lower insurance costs
- Fewer violations of corporate and security policies
- Significantly improved uptime
- Fewer accidents, lower risks
- Decreased security liabilities.
You might scoff at the thought that humans could ever be replaced by machines in any capacity – yet in many industries, this is already happening. Most blogs have some form of automation in place, and some news publications are flirting with the idea of automating stories such as financial reports and press releases. The stock market is almost entirely managed by bots, while legal research is generally carried out through automation.
In short, as with many industries, automation is the future – yet at the same time, it’s extremely unlikely that bots will replace security professionals entirely. There are still a few areas where a human touch will be necessary. And it’s in these areas that your organization will – like many others – eventually need to draw a line.
The Human Touch
Professionals chiefly dedicated to installing and managing active security solutions will soon find their skills to be in less demand. What will instead become critical – and what every IT professional will instead need to learn – is the skillset required to successfully implement automation. An understanding of the white-hat bots which will soon flood the workplace will be subject to increasing demand, and the capacity to work in an agile, high-quality detection and mitigation environment will become critical.
Automation is in the future – for now, there are other threats your organization needs to mitigate. To learn more about them, download the Radware Global Application & Network Security Report.