Next-Generation Security Orchestration Platform from Ayehu

Cybersecurity automation applications are hyped as one of the emerging technologies in IT security. Aided by a fervent increase in machine learning (ML) technologies and the proliferation of data analytics, automation aims to provide some much-needed support for security analysts and IT engineers. During the RSA Conference (February 2017), cybersecurity vendor Ayehu unveiled its brand new, next-generation automation and orchestration platform for IT and security operations, which includes both fully- and partially-automated solutions.

Ayehu’s solution boasts, among other features, improved ML-driven support additions, audit workflow trail, custom-fitted incident control, interoperability, and seamless integration with other existing solutions. The company aims to stand out as a leading vendor in automated security processes by marketing its solutions as manual-free applications aiming to eliminate repetitive tasks from security personnel.

There is no doubt that this is, in fact, the true purpose of automation: assisting security personnel to make intelligent decisions and free time-consuming activities. However, the discussion regarding advanced automated processes in cybersecurity is now portrayed as an oxymoron. On the one hand, automation is seen as new technology that will undoubtedly provide the support that IT security needs to stay afloat during the continuous escalation of cyber threats. On the other hand, many organizations are still quite skeptical that some actions can or should be automated, which is reflected with lower implementations in top-tier applications such as incident response (IR), encryption and certification management, access and privilege control, etc. A recent ABI Research report, The Role of Automation in Cybersecurity (AN-2458), will shed more light into this challenge. Given the fact that most IT departments are understaffed, overwhelmed, and have limited budgets, the vital question now transitions to the following: if automation is unavoidable, what should be automated?  

ABI Research posits that there are a minimum of seven emerging automated security applications that can be realized and, if properly upgraded, can provide a steady foundation for further technologies:

• Automated data recovery, server migration, and database archiving practices
• Automated patching across multiple server instances
• Optimize performance in systems engineering
• Expedite machine-readable data formatting
• Streamline security alerts
• Certification management for TSL/SSL
• Permission control and privilege management

The underlying hypothesis is that the autonomous processes should first be put to the test tackling the aforementioned challenges before they proceed to confront other more critical functions like IR. The reason why autonomous IR is a hot topic right now is because of the inability of IT personnel to manually tend to the ever-increasing number of security alerts. Nonetheless, there have been some innovative approaches arising from SIEMs (e.g., Intel, IBM, HP) and promising cybersecurity vendors (e.g., Tripwire, Ayehu, Hexadite), but it will take some time before true automated IR is realized.