Robot Defence: How automation can protect your business from attack


Businesses have developed a hybrid approach to their IT systems to meet their strategic goals. Securing these resources from malicious attacks automatically is now possible. Learn how your enterprise’s on-premises and remote systems can protect themselves.

What if your business could automate its IT security? Installing services that can watch all of your networks, nodes, and remote access desktops for any unusual activity that could be malicious is now possible. The practical advantages of automated security systems for your enterprise are cost and efficiency savings and a reduction in the skilled security staff you need.

Your business’s response to the cybersecurity threats it now faces must be comprehensive. Says Alexander Moiseev, chief business officer at Kaspersky: “2020 has put many companies in situations where they needed to respond, so they wisely concentrated all their resources and efforts on staying afloat. Even though budgets get revised, it doesn’t mean cybersecurity needs to go down on the priority list. We recommend that businesses, who have to spend less on cybersecurity in the coming years, get smart about it and use every available option to bolster their defenses.”

Cybersecurity has been moving through a period of significant change because of COVID-19. Business processes have been transformed. Digital services and networks have moved to the homes of employees. These changes have meant threats are now much harder for IT teams to identify.

On-premises, remote, and hybrid cloud deployments have brought massive benefits to all enterprises. Before the pandemic, the development of hosted services was accelerating. As COVID-19 took hold, the digital transformation roadmaps of many companies were thrown into disarray. And as workforces shifted their operations base to their homes, potential cyberattacks became even more invisible to CTOs who had been perfecting their security protocols to deliver safe on-site working environments.

What is needed are automatic security systems that watch over networks and remote desktops for any malicious activity. Businesses have been developing their use of automation for several years across many of their processes. When it comes to security, having a system that watches networks and, vitally, remote desktops is a powerful way to reduce cyberattacks.

There is clear security anxiety among businesses that have adopted new working practices at speed. A report from Hysolate and Team8 is revealing, as it asks: “Where should they draw the line between productivity and security with their corporate access and security policies?” The report shows 81% of CISOs (Chief Information Security Officers) report having workers who need administrative rights on their corporate devices but are reluctant to grant those permissions due to security concerns, with 80% of workers receiving phishing emails since March 2020. Kaspersky also detected an average of 360,000 new malicious files per day, an increase of 5.2% when compared to the previous year.

Using any level of automation will require a shift in how security is approached, as it may seem counterproductive to use more machines to protect a business’s networks and endpoints. However, given the rising level of threats and the way threat actors now operate, some form of automation within your business’s overall security stance is a sensible option.

Automated protection

One of the weakest links in any business’s cybersecurity is the people using each digital system. As workforces moved to their homes, the risk of accidentally compromising their IT systems’ security expanded. Often, low levels of cybersecurity exist across an enterprise, further expanding the risks each business faces.

The importance of educating workforces about the security risks they need to pay close attention to, and about how their behavior plays a significant role in securing the systems and services they use, can’t be overstated. Using services such as Kaspersky Automated Security Awareness Platform (ASAP) reduces insider threat instances as workforces, over time, become educated about how to mitigate risks by changing their behavior, which then becomes automatic.

As employees’ homes become the security endpoint, how can your business automate its response to any cyberattacks? EDR (Endpoint Detection and Response) enables your business to identify any abnormal behavior as it happens. EDR is an advanced form of automated security that enables any company to move their endpoint security to the next level. Ransomware and particularly fileless threats can be detected. Fileless threats are important to understand, as these attacks can mimic legitimate activity, which can go unnoticed by remote users in particular.

EDR is also highly effective at reducing accidental security breaches. Human error is often the cause of a security incident. With automated protection systems like EDR in place, endpoints such as remote desktops can be monitored and protected. And as these services are delivered in a hosted environment, they can be rolled out and easily maintained once installed.

Your business can also go further with its security automation services. Endpoint security is clearly the first step to reduce the security risks associated with the mass remote working your company may now have to manage. However, network security is just as essential and can also have its security automated.

A detailed insight into what’s happening across your IT infrastructure and the timely detection of the most sophisticated threats and targeted attacks is critical to have as part of your security automation services. Kaspersky Anti Targeted Attack Platform helps your organization build reliable defenses.

These defenses protect your corporate infrastructure from APT-like threats and targeted attacks and support regulatory compliance without demanding additional IT security resources. The system includes a detailed analysis of network traffic and endpoint telemetry; an emulation of threats via an advanced sandbox; advanced discovery technologies and ATT&CK mapping; and complete visibility and rich context with your enterprise’s Threat Intelligence.

The security that protects your business’s network, assets, and endpoints should be agile and have the ability to track your systems. This is vital to ensure your business has fully automatic rollback if your systems are compromised.

Machine learning can now be applied to security systems, which learn to detect anomalies that are automatically brought to the security monitors’ attention. It’s even possible to set up these systems to react in pre-determined ways if any given scenario presents itself. This level of automation is particularly relevant today with APTs (Advanced Persistent Threats) rapidly expanding.

Integrated security

Adopting a Zero Trust stance has become somewhat of a mantra for post-COVID-19 digital security. For all businesses, the threat landscape has massively changed. The pandemic has brought new forms of attack, as threat actors could see many more potential network access points as working from home became the norm.

Writing in Kaspersky Daily, Sergey Golubev advised: “Not all systems are equally well adapted to a Zero Trust transition. That means in many cases companies may need a gradual Zero Trust transition plan. For example, Google needed seven years to build the BeyondCorp framework based on Zero Trust. Implementation time may be substantially shorter for less-branched corporate organizations, but you shouldn’t expect to squeeze the process into a couple of weeks — or even months.”

CISOs tasked with developing agile and comprehensive security systems for a rapidly changing business will have little choice but to adopt some level of automated security response. This could be simply network access and traffic tracking. However, as security breaches continue to develop in sophistication, automated security systems will themselves need to become more intelligent.