Is automation the answer to our age-old security fears? By Aron Heller | Nokia, Monday, 10 May 2021

A version of this story was published in Security Boulevard.

Technological advances have revolutionized our lifestyles, but they have yet to eliminate one of our most primal fears. While we enjoy the fruits of our online existence, we still live under the constant concern that our personal data will be compromised and fall into the hands of others.

Can our interconnected life in the cloud coexist with our right to privacy? It’s a question that continues to dog us, especially as we migrate toward 5G networks and increasingly work from home in the age of COVID-19.

With every technology we introduce to expand our reach, we create a larger attack surface for hackers to target. The coronavirus crisis has increasingly forced us to log in remotely to sensitive servers and systems, leaving us susceptible to attacks and providing a boon for cybercriminals.

The answer to staying one step ahead of them lies in automation. Our systems have simply become too sophisticated and expansive for overworked and overwhelmed humans to manage our defenses alone.

In just a matter of months in 2020, hundreds of COVID-19 domains were registered and half of them were thought to be involved in malicious activity. Hackers launched broad spam attacks as well as highly targeted email-based phishing campaigns that preyed on people’s need to stay connected during the pandemic. This comes on top of the usual threats of ransomware, DDoS attacks or even phishing malware.

Prior to the pandemic, most companies limited access to critical systems to the physical office space. But now secure connections are required from home, creating a highway to the office that exposes individuals and their employers to a far greater degree. Remote workers have been tricked into activating malware such as infected videoconferencing apps that give cybercriminals full access to their companies’ servers and systems.

In the first six months of 2019, even before the outbreak, more than 3,800 data breaches exposed 4.1 billion records, the worst year on record for breach activity and more than a 50 percent increase to the midyear mark of 2018. The disruptive technologies of 5G, the Internet of Things (IoT) and the cloud will only create more potential cyber-risks. IoT connections alone will reach almost 25 billion globally by 2025.

Automation and analytics play a key role in helping us respond quickly and proactively to threats, and to eliminate the time between detection and mitigation. Fighting the growing volume of threats requires automated operational workflows and integrated threat intelligence – all in real time.

We not only need to do more, but we need to do it more effectively. In the world of security there are a lot of false positives and most of the alerts we receive turn out not to be real threats. Even more disturbingly, real incidents will typically trip more than one system and the attack could fall between the cracks of a human analysis.

Modern security operations provide us plenty of tools. But the shortage of cybersecurity professionals needed to investigate all these warnings eat up valuable analyst time on investigating what often turn out to be false positives while allowing real threats to carry on unabated.

That’s where a solution like Nokia’s NetGuard Security Management Center comes in, with automation and orchestration features that connect disparate systems into a single integrated one. The cloud-native platform plugs into an existing infrastructure to counter attacks and radically reduce the threat dwell time and human-powered tasks and response time.

Such a security automation service, which was recently chosen to secure the United States’ first cloud-native, Open RAN-based 5G wireless network, allows analysts to prioritize risks and automate their security operations according to specific attack surfaces and business operations, reducing the cost of labor for repetitive actions.

All this is tricky enough in dealing with individual servers but what about an interconnected city, in which hacking into one sensor could provide a gateway to thousands of others?

Given the crisis, there is a dire need to relieve the pressure on security teams by automating threat detection and response. Adaptability, speed, integration and automation are the crucial features of an efficient 5G security and response system. These include building a strong network, securing smart devices and employing a “zero trust” protection framework.

Essentially, we have increased the complexity such that we need to apply machine learning and automation to close the new risks that we are creating by making these services available.

In a digital world composed of smart cities, power-grid companies and critical infrastructure in health, police or government, we need tailored threat intelligence to make sure these systems can continue to operate safety and without interruption. Only artificial intelligence can guarantee that.

Typically, the more convenience you provide people, the less secure they will be. What automation does is allow us to keep the convenience while still staying safe. To do that, and protect every possible entry point, we need the help of machines.