How automation can fill the enterprise cybersecurity skills gap

Automation is the way that teams gain a humongous amount of leverage in the speed and effectiveness of cyberdefense, says LogicHub CEO and co-founder Kumar Saurabh.

Automation may be the key to filling the enterprise cybersecurity skills gap. Kumar Saurabh, CEO and co-founder of LogicHub, and Chad Loeven, VP of sales and marketing at VMRay, spoke with TechRepublic's Dan Patterson about the future of cybersecurity skills. The following is an edited transcript of the interview.

Dan Patterson: Kumar Saurabh, the CEO and co-founder of LogicHub. Chad Loeven, VP of Sales and Marketing at VMRay. Thanks a lot for joining TechRepublic and ZDNet today. We're talking about cybersecurity, automation, and filling the cybersecurity skills gap. How machine learning, big data analysis, and of course, artificial intelligence, can help enterprise companies operate more efficiently. And pick up where humans... we just have a human gap. So both of you, thank you for joining us today.

Kumar, let's start with you. What role is automation playing in cybersecurity?

Kumar Saurabh: Automation, especially in the recent years, people have realized that this is the way to bridge the gap. You alluded to security gap. At many of the conferences, a lot of CISOs, chief information security officers, and security teams in general realized that the problem has gotten bigger and bigger over the years. In terms of data, in terms of IT infrastructure, in terms of the pace of change. IT infrastructure is very agile and the dev ops world, in a new age where everything is digitized, IT infrastructure changes minute to minute. So keeping it secure with just people is a losing battle. Most of the teams have realized that.

Automation is the way that these teams can gain a humongous amount of leverage in both the speed and effectiveness by using automation much more effectively. It's a very critical tool sec ops teams are using to make their enterprises secure.

Dan Patterson: Chad?

Chad Loeven: Thanks. To Kumar's point, we fundamentally deal with two realities. One is that there is a lack of truly skilled people in this industry. There's that ever-present skills shortage. You really need to have tools in place that are gonna give you that force multiplier effect. Now, Kumar, of course LogicHub, they had the sec ops side of it. On our side, the force multiplier that we provide is automating the analysis. So, making that less of a manual process where you're passing through individual analyses, of individual threats sort of line by line, and more leveraging the baked in skills of the tool to allow the analyst to essentially scan at the high level across a broad range of threats, to focus on where they need to focus on.

That's related to the second reality; we have this firehose of information. The bad guys figured out a long time ago that they can basically drown us with noise. They can come up with polymorphic threats. They could just simply throw lots of stuff at us. Very famously, if you followed the story of the Target breach, that was essentially what happened. The right tools were sending off the right signals but the signals were literally lost in the noise. All of us have to address that challenge of both leveraging the relative paucity of skills, and also highlighting the signals out of the noise.

Dan Patterson: What role does regulation like the upcoming GDPR play in data management and the role artificial intelligence plays in data management, in terms of creating a unified cyber strategy that may have some regulatory hurdles?

Chad Loeven: Would you like me to take that? Or Kumar?

Dan Patterson: Yeah, please Chad.

Chad Loeven: I'll start from our perspective. GDPR, even though it's virtually everyone, so we have to tread very carefully because, in essence, for those that aren't familiar with it, we are very restricted from exposing inadvertently PII, personally identifiable information, for example. So it's a little bit like say, a HIPAA regulation in US that a lot of people are familiar with, but applied broadly to everyone and everything. A US company dealing with another US company can collaterally and incidentally violate GDPR. If, for example, an email attached containing personal information from somebody in Europe is processed and analyzed and inadvertently mistreated.

In our case, our data centers are actually in Europe, so we have somewhat of a head start in terms of knowing what's coming and being used to having to deal with the much stricter European privacy regulations. But, we certainly have to make sure that all our partners are aware and upgrade the entire ecosystem basically to accommodate that. There's definitely a downside 'cause it does limit the collaboration that you can do sometimes. And of course, collaboration is very important. Coming to you... second question. In terms of collaborating and corroborating and correlating across different threat sources. This makes the power a little bit higher in terms of what you can and cannot share.

Dan Patterson: Kumar?

Kumar Saurabh: One of the things that, in terms of, like most regulations, on the one hand, it establishes best practices. The reality of it is that there is a cost attached to it. In order to maintain that you have the right amount of data and you're not exposing data inadvertently, you have to have good management practices around the data.

This is another one; big data has been around for years. While it might sound conceptually like a simple thing to do, when you actually get into an implementation phase, it can become very gnarly at large enterprises of the size. This is yet another area where one of the parts of the strategy, one of the critical parts of the strategy, would be to how to do all of this in, more or less, an automated way. The reason I bring that particular piece in place because crafting a strategy to do it in an ad-hoc way is going to have a lot of holes. It's going to be very expensive.

One thing that we think around the data management policy as well... and this is where we see a whole spectrum of companies. There are companies that are really, really good at this. If you look at what are the operational principles that they're using that separates the great ones from the not so great ones, not so good ones, one of the things that we've seen again and again is the degree to which these kinds of data ops teams or ops teams are actually using more and more automated processes. Because, how do you deal with all this data sprawl? Until you can have a uniform process around it, it can get really gnarly, and it can get really expensive. The fines are ... GDPR has real teeth. It's not like you can get away with it.

Looking at practices, tooling, and processes that can achieve the goals, but in a very cost effective manner, would be a critical part of the strategy.

Dan Patterson: Gentlemen, last question for both of you. What advice do you have for CISOs at enterprise companies looking to fill the cyber skills gap with automation and AI tools?

Kumar Saurabh: I can take that one. The big advice that I would have, it's really a step-by-step process. I think people should not feel like there is a spectrum of maturity. A lot of people think of all-or-nothing approach. One big thing that I've seen many companies do, no matter where you are on the spectrum from an automation maturity perspective, there are processes that you're doing, that people are doing, that you can look at. The first stage is basically documenting and having awareness but then going on and looking at some of the automation technology that's out there and bringing it to the teams.

That would be one of the big advice that I would say, no matter what the maturity level is, there is always... you can always get better at automation.

Dan Patterson: Chad?

Chad Loeven: I would second that. I would also say that, don't automate a bad process. Except for the most mature organizations. It's rare that we see, or come into an organization, we see that they have all their ducks lined up. They could probably spend a bit more time just taking care of the basics. Also avoid "shiny new object" syndrome. We're all guilty in this industry of pushing the latest baubles and talking about the buzz words. Sometimes those buzz words add real value, but sometimes you get more value out of really just taking care of some of the basic leg work. To Kumar's point, documenting what you do. Making sure that that process that you're documenting is a good one. And then, applying the tools to make that process more efficient and leveraging the skills that you have.
