Security process automation can largely overcome this by, for example, automatically compiling an analysis of updated user information, emailing the suspicious user for a confirmation of activities, and then escalating the incident for review or removing permissions. As security processes become more integrated among systems, the ability to reduce event noise, track user activity and respond in real time increases significantly.
Managing and enforcing change controls
Even the most well-configured systems change over time as the business evolves. "Configuration drift" must be managed carefully to maintain strong security controls. Organisations must be able to quickly identify when and what changes have occurred, and correlate this with internal change control procedures.
Security process automation for change management can go beyond detection and reporting to, for example, correlate changes on critical systems or applications with authorised change requests. This would automatically revalidate the security of the system by triggering a configuration assessment, and/or escalating changes for review by business owners.
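The correlation described above, as an added example that is not part of the original article or of any vendor product: detected changes are matched against approved change requests by system, time window and scope. The record fields, system names, ticket ids and action names are hypothetical, and the policy (assess every change, escalate only unmatched ones) is an assumption.

```python
from datetime import datetime

# Constructed sample data: approved change requests and detected configuration
# changes. All ids, hosts, paths and users are hypothetical.
CHANGE_REQUESTS = [
    {"id": "CR-1001", "system": "db01", "start": "2024-03-01T22:00",
     "end": "2024-03-02T02:00", "scope": {"/etc/postgresql/pg_hba.conf"}},
    {"id": "CR-1002", "system": "web01", "start": "2024-03-03T01:00",
     "end": "2024-03-03T03:00", "scope": {"/etc/nginx/nginx.conf"}},
]
DETECTED_CHANGES = [
    {"system": "db01", "path": "/etc/postgresql/pg_hba.conf", "time": "2024-03-01T23:15", "user": "dba_ops"},
    {"system": "db01", "path": "/etc/ssh/sshd_config", "time": "2024-03-01T23:20", "user": "dba_ops"},
    {"system": "web01", "path": "/etc/nginx/nginx.conf", "time": "2024-03-04T10:05", "user": "jsmith"},
]

def _ts(value):
    return datetime.fromisoformat(value)

def correlate(change, requests):
    """Return (request_id, reason); request_id is None when nothing authorises the change."""
    same_system = [r for r in requests if r["system"] == change["system"]]
    if not same_system:
        return None, "no change request for system"
    in_window = [r for r in same_system
                 if _ts(r["start"]) <= _ts(change["time"]) <= _ts(r["end"])]
    if not in_window:
        return None, "outside approved window"
    for r in in_window:
        if change["path"] in r["scope"]:
            return r["id"], "matches approved request"
    return None, "object not in approved scope"

def triage(changes, requests):
    """Attach the correlation result and follow-up actions to each detected change."""
    results = []
    for c in changes:
        req_id, reason = correlate(c, requests)
        # Assumed policy: every change triggers a configuration assessment;
        # changes with no matching request are also escalated for review.
        actions = ["configuration_assessment"]
        if req_id is None:
            actions.append("escalate_to_business_owner")
        results.append({**c, "request": req_id, "reason": reason, "actions": actions})
    return results

if __name__ == "__main__":
    for row in triage(DETECTED_CHANGES, CHANGE_REQUESTS):
        print(row["system"], row["path"], row["request"], row["reason"], row["actions"])
```

The second sample change shows why scope matters as well as timing: it falls inside an approved window on the right system but touches a file the request never covered, so it is escalated.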
In a budgetary environment where short-term gains must be demonstrated to justify additional expenditure, security process automation across disparate systems offers an immediate way to realise ROI. Manual workloads decrease, which improves efficiency and reduces costs, while the security of enterprise networks is strengthened.
Outlined above are the more immediate applications for security process automation. Taking a strategic approach to the integration of security processes opens doors to long-term benefits. Automation presents an opportunity to fully deploy event management capabilities, bridge operational silos, and enable the entire IT organisation to adapt more readily to changes in the security and business landscape.
Ultimately, to meet constantly evolving threats, security experts must have the freedom to focus on critical tasks, not manual labour.
David Bell is a systems engineer at NetIQ.