Red Bull is known for projecting an active brand. Behind the scenes, the IT security team also likes to be active, but not in the way the company's commercials would have you believe.
Despite the brand's tough image, Red Bull likes to be very zen. About a year ago, it began investing in automating some of its security operations, so the organization could free up detection and response resources to become more valuable, less tactical.
An organization's security strategy can become a liability when it turns overly defensive. But when a security team wants to be strategic, as Red Bull has shown, automation technology can help the team think, not just act.
“We don't want to lose the right focus or be overprotective,” Red Bull Chief Information Security Officer Jamie Heschel told Security Now, explaining how responding to and resolving an incident can sometimes go wrong. In his view, even routine triage and processing should ideally not be done manually, because manual effort is spent at the expense of keeping up with attackers who have time on their hands and are highly innovative.
“Overwhelming or overly intrusive security controls are huge roadblocks when we want to be creative, spontaneous and innovative,” Heschel said. “Security overreaction – undertaken by colleagues who are primarily motivated by various compliance requirements – has a significant impact on these goals.”
The emergence of security automation
A number of technology vendors, including Demisto, IBM's Resilient Systems, Microsoft's Hexadite and EnSilo (Red Bull's vendor), are capturing the mood with orchestration and automation offerings powered by artificial intelligence and, more specifically, machine learning.
A 2017 Gartner report, “An Innovation Vision for Security Orchestration, Automation and Response,” finds that companies are being held back by analyst time wasted on heavy manual processes.
“Security operations still rely primarily on manually created and maintained document-based procedures for operations, leading to issues such as longer analyst onboarding times, stale procedures, tribal knowledge, and inconsistencies in executing operational functions,” according to the report.
Increasingly, the driver behind endpoint detection and response (EDR) automation is artificial intelligence and machine learning. These technologies sit high on the hype curve, and for some organizations they promise not only to automate manual work, but also to combine acquired threat knowledge with the business's security policies and then remediate attacks autonomously.
That lack of human intervention, however, worries Red Bull.
“IVR is a challenge in itself,” Heschel said. “It's about giving up control, and automation always has some drawbacks. It's not the detection function I'm afraid of, but the automated response, from simple mail filters and network blocks, via user management and access, to advanced countermeasures: the more complexity in the response, the more can happen by mistake.”
The cost of dwell time
The time that elapses between detecting a threat and responding to it – dwell time – is what costs organizations money in terms of increased risk of data theft or corruption, and the price of conducting investigations and remediation processes that typically take months.
Red Bull CISO Jamie Heschel (Source: Red Bull)
A 2017 Ponemon Institute study of 419 companies, entitled “Cost of a Data Breach,” reported that the time needed to identify and contain malicious attacks averaged 214 and 77 days, respectively. The average cost of a breach is currently around $4 million.
Although the current trend toward zero dwell time is noble, it represents an enormous challenge. Fortunately, the more realistic return on investment in automated EDR is already benefiting Red Bull.
“It's the speed of getting started (that's important),” Heschel said. “On the other hand, it is the automation of response that makes us independent of scarce resources.
“It helps me address my biggest fear: losing focus,” Heschel added. “My team can use their time to think and improve instead of chasing opponents.”
Although the computing and learning power of AI and machine learning underpins this drive, the technology itself, hype aside, is relatively unimportant.
“I believe machine learning and artificial intelligence are the way to meet and deliver on security initiatives,” said Roy Katmor, CEO of EnSilo. “(But) organizations believe in added value – i.e. alert effectiveness, pre- and post-infection, and operational efficiency through automation. The technology behind it is less important.”
— Simon Marshall, technology journalist, for Security Now