Security Automation: Easing the Way to More Secure Systems
At the recent IT Security Automation Conference, U.S. Government cybersecurity experts like Howard Schmidt and Tony Sager spoke about the value of security automation and continuous monitoring. What are they talking about and can it be useful in a commercial setting?
Security automation is a broad topic. Basically, it involves automating the drudgery of information security so that humans can concentrate on the more interesting parts. This automation is a constant process. As security technology gets better, more things can be automated. Today, we enjoy automated detection and blocking of malware and spam, automated response to DDoS attacks, etc.
One early area for security automation was software patching. In the old days, patching was manual. About ten years ago, most companies moved to automated patching. Today, even home users enjoy automated patching built into the operating system. Automated patching is not perfect but the benefits (reduced effort and better security) outweigh the downsides (occasional problems caused by patches).
Endpoint configuration management is another area where automation is moving rapidly. Windows Group Policy provides a basic level of controls for settings like minimum password length. Enterprise security management tools extend this control to other platforms and provide valuable management features like reporting. Network Access Control products ensure uniform compliance.
As a huge decentralized organization, the U.S. Government has led the charge in security automation. At first, they used a decentralized approach. Agencies were graded on security measures but granted considerable flexibility in managing their own affairs. This proved ineffective, leading to the creation of a uniform Federal Desktop Core Configuration (since replaced by the United States Government Configuration Baseline). Still, security management was painful and expensive. In a 2008 memo, the Office of Management and Budget aimed to ease compliance by requiring all agencies to use the new Security Content Automation Protocol (SCAP) in managing endpoint security. SCAP helps agencies reduce costs by letting them import machine-readable configuration checklists, modifying them only as necessary.
The latest developments in security automation are real-time information sharing protocols like IF-MAP. With these protocols, security products from many vendors can work together, sharing information and alerts in real-time. If a network sensor discovers a problem, it can post an event in a standard format. Analysis and enforcement can be handled by products from other vendors. This multi-vendor approach enables users to choose the best product for each job while ensuring that the products all work together.
Is security automation right for you? Well, you’re already enjoying the benefits of some forms of security automation: automated malware and spam scanning, etc. The question is really how much automation you want. As with any new technology, you should learn more and try things out before you deploy them widely. But don’t ignore the potential for security automation to reduce costs and improve security when compared to manual approaches. It has already done so many times over.

