
Four keys to successful cyber defense automation

Level 13

Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

Here’s an interesting article by my colleague Jim Hansen where he provides tips on leveraging automation to improve your cybersecurity, including deciding what to automate and what tools to deploy to help.

Automation can reduce the need to perform mundane tasks, improve efficiency, and create a more agile response to threats. For example, administrators can use artificial intelligence and machine learning to ascertain the severity of potential threats and remediate them through the appropriate automated responses. They can also automate scripts, so they don’t have to repeat the same configuration process every time a new device is added to their networks.

But while automation can save enormous amounts of time, increase productivity, and bolster security, it’s not necessarily appropriate for every task, nor can it operate unchecked. Here are four strategies for effectively automating network security within government agencies.

1. Earmark What Should—And Shouldn’t—Be Automated.

Setting up automation can take time, so it may not be worth the effort to automate smaller jobs requiring only a handful of resources or a small amount of time to manage. IT staff should also conduct application testing themselves and must always have the final say on security policies.

Security itself, however, is ripe for automation. With the number of global cyberattacks rising, the challenge has become too vast and complex for manual threat management. Administrators need systems capable of continually policing their networks, automatically updating threat intelligence, and monitoring and responding to potential threats.

2. Identify the Right Tools.

Once the strategy is in place, it’s time to consider which tools to deploy. There are several security automation tools available, and they all have different feature sets. Begin by researching vendors that have a track record of government certifications, such as Common Criteria, or that are compliant with the Defense Information Systems Agency requirements.

Continuous network monitoring for potential intrusions and suspicious activity is a necessity. Being able to automatically monitor log files and analyze them against multiple sources of threat intelligence is critical to being able to discover and, if necessary, deny access to questionable network traffic. The system should also be able to automatically implement predetermined security policies and remediate threats.

3. Augment Security Intelligence.

Artificial intelligence and machine learning should also be considered indispensable, especially as IT managers struggle to keep up with the changing threat landscape. Through machine learning, security systems can absorb and analyze data retrieved from past intrusions to automatically and dynamically implement appropriate responses to the latest threats, helping keep administrators one step ahead of hackers.

4. Remember Automation Isn’t Automatic.

The old saying “trust but verify” applies to computers as much as people. Despite the move toward automation, people are and will always be an important part of the process.

Network administrators must conduct the appropriate due diligence and continually audit, monitor and maintain their automated tasks to ensure they’re performing as expected. Updates and patches should be applied as they become available, for example.

Automating an agency’s security measures can be a truly freeing experience for time- and resource-challenged IT managers. They’ll no longer have to spend time tracking down false red flags, rewriting scripts, or manually attempting to remediate every potential threat. Meanwhile, they’ll be able to rest easy knowing the automated system has their backs and their agencies’ security postures have been improved.

Find the full article on Government Computer News.


11 Comments

What shouldn't be automated:  W.O.P.R.   WarGames clip - WOPR described - YouTube

And the lesson learned:    Wargames Ending - YouTube

Level 16

Thanks for the write up!

MVP

Automated or not, you still have to review logs to see if the automation encountered a problem or if what the automation is interacting with has changed.

MVP

Thanks for the write up.

MVP

I remember the days when Intrusion Detection was becoming Intrusion Prevention. There were still a lot of people that wanted Detection so that a human would have to analyze the anomaly to determine if it was just something new or an actual intrusion. The fear was that legitimate traffic could be blocked by automation. The trend has turned and most people are willing to allow an occasional block of legitimate traffic in favor of better security. Fortunately the intelligence behind this type of system makes the false positive pretty rare. But overall in the network, as mentioned, choosing what should and should not be automated is of major concern, for a number of reasons. Again that's where planning comes into play. It's critical to make that list and then prioritize to get the best value from your expenses and resources.

Level 13

Thanks for the Article

Level 10

I got caught up in Amazon's automation. I just tried to order a new Samsung phone recently, and evidently, since I had not ordered a phone before, their system went crazy. Their automated fraud alert program cancelled all my orders, locked out my password, shut down my account for two hours, and cancelled my Prime membership. I had to talk to a person to order the phone, and he sent in paperwork for review that took 48 hours to reverse their fraud damage. I had to sign up for Prime manually after that to get it back. I was having the phone delivered to a secure location (Whole Foods), and I am the only one who could open the container. How their system thought that was fraud is beyond me.

MVP

Because it was anomalous behaviour to your normal purchase activity.

Level 10

Obviously, but their method to correct it was what I was addressing. They need to take care of their mistakes like this more quickly. A 48 hour turnaround is unacceptable for an erroneous instantaneous shutdown.

MVP

I agree...but like many companies the "documented" process takes time to work its way through the various groups that have to work the ticket.

Not unlike the credit card refund process from a business where it can take 5-14 business days.  I will state that in some cases I have seen it in as few as 2 days.  It has improved.

Level 10

Exactly! Sad but true. For the most part, the companies do not have any incentive to refund anyone's money in any hurry.