SecPro #57: Fighting DDoS Attacks, Using BloodHound, and Hyperautomating.
The SecPro has always been about change. About delivering value. About the readers. And that’s why we’re planning to remove our premium subscription option and make everything free to our 13,000-strong subscriber list. From next week, we will roll the Weekly Insider back into the Weekly Roundup, allowing everyone, everywhere to access our content.
That’s not to say that the SecPro is going away – in fact, the very opposite! We have plans to expand the SecPro in a different direction, which requires us to focus our energies on different projects. For those of you who have been with us since we started the premium offering, we understand that this might come as a bit of a shock.
We’re not saying “thanks for the support, see you whenever” – we understand that the SecPro community has aided us in building something and there will be thanks coming your way.
The Premium Articles – Available to Everyone
This week’s free articles
Sculpting Change – Hyperautomation
Written By: Austin Miller
From the humble fields of Britain, France, and the emerging Thirteen Colonies that had declared themselves independent, people flocked to the cities to take part in the greatest leap forward that humanity had made. The rise of capitalism took the production of goods from the hands of small-scale mercantile traders and put it in the hands of steam engines, production lines, and roaring machinery.
The birth of capitalism was the birth of humanity’s drive to create more while minimizing human labor. Productivity – the art of squeezing the most “labor power” (to quote a maligned and often misunderstood 19th century economist) out of the workers – is the central concern for many business leaders, to the point of wanting to automate everything that can be automated. With the growing sophistication and tenacity of the adversary, cybersecurity has been walking down this road for years.
While a hyperautomation initiative might drive cybersecurity to become as efficient as possible, will it usher in an age of computer-backed super security analysts, or will cybersecurity positions become little more than starting up a program and letting it run?
What is hyperautomation?
Despite my futuristic dreaming about a world where automated services simply attend to all our cybersecurity needs, the latest wave of hyperautomation is slightly more reserved than that. At least for the minute, don’t worry about finding a new field to work in.
Hyperautomation – as the name suggests – means taking automation to its logical extreme. This involves finding the smallest parts of any given system that do not need human intervention and turning them into automated tasks. For cybersecurity professionals, this should by no means be a novel idea – it is part of the standard workday! But Gartner has included this concept in its Top 12 in order to underline the key role of the cybersecurity professional in the IT world of tomorrow – leading by example!
Applying other key leaps forward in technology, such as orchestration, robotic process automation (RPA), and low-code platforms, will allow entire organizations to engage in better, smoother business processes. As a result, cybersecurity teams become an example to the other sections of the organization in how to reduce human intervention to the minimum necessary.
How will hyperautomation change cybersecurity?
Throughout this, you might have noticed that I have consistently praised cybersecurity professionals for their forward-thinking attitude towards automation (whether that’s due to technical insight or a drive to do as little as possible while they are working…). The most obvious example of automation that is becoming more and more common today is the Security Orchestration, Automation and Response (SOAR) platform, which offers better solutions to cybersecurity professionals working on the front line.
Because we already understand the role of automated cybersecurity solutions, a better question is what role automation will play in the future of cybersecurity. Automating jobs is one possibility, but a better solution may be to increase the role of artificial intelligence and machine learning to identify more threats, faster. This is something that various enterprises are already working on or have incorporated into their security posture, but there is always a greater opportunity for creating business-driven automation tasks.
How are organizations using hyperautomation?
Although not strictly related to hyperautomation, Gartner shared an example of a global oil and gas company that has already implemented 14 different hyperautomation initiatives. By increasing the role of automation in its industrialisation processes, the company is now standing at the precipice of intelligent document processing, automating geoscientific operations, and automatically identifying and coordinating offshore drilling projects. From an operational point of view, the business is now more automated and better equipped to deal with the speed of modern business needs.
Even on the “back-end” of business operations, business outcomes have been aligned with automation to increase product quality, reduce time to market, improve agility, and supposedly boost innovation within the company’s models. When applied to cybersecurity, it’s possible to imagine a world where even 0-day attacks are quickly identified and quickly shared amongst “friendly” businesses to ensure a solid defensive bloc. Some – or even many! – would say that we already have that capability, so what’s stopping us from fully automating what is already at our fingertips?
Secret Knowledge: Building Your Security Arsenal
Here’s another edition of Secret Knowledge, with plenty of tools to help you test and secure your infrastructure systems. All tools are chosen by our crack team of researchers on the most important metric of all – sounding a bit interesting.
- GoogleCloudPlatform/security-response-automation: Take automated actions against threats and vulnerabilities.
- mohlcyber/OpenDXL-ATD-MAR-Elasticsearch: Automated Real-Time Threat Hunting with ATD, Active Response and Elasticsearch/Kibana
- CiscoSecurity/tr-05-api-module: Threat Response API Module
- utkusen/jeopardize: a low(zero) cost threat intelligence & response tool against phishing domains
- sqlmapproject/sqlmap: Automatic SQL injection and database takeover tool
- CiscoCXSecurity/bbqsql: SQL Injection Exploitation Tool
- ron190/jsql-injection: jSQL Injection is a Java application for automatic SQL database injection.
- nearform/sql: SQL injection protection module
- ory/hydra: OpenID Certified™ OpenID Connect and OAuth Provider written in Go – cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
- vmware/burp-rest-api: REST/JSON API to the Burp Suite security tool.
- Netflix-Skunkworks/aardvark: Aardvark is a multi-account AWS IAM Access Advisor API
- osopromadze/Spring-Boot-Blog-REST-API: Restful CRUD Blog API using Spring Boot, Spring Security, JWT, Mysql, JPA