How Automation Can Help Safeguard Your Network


Not that long ago, in 2004, there were 9,000 Blockbuster locations across the USA. Only one remains today; the last of the chain’s video rental stores stands in Bend, Ore.

Video consumers discovered that increased automation was more attractive. Netflix, Hulu, Redbox, On Demand Video and DVRs thrived. Blockbuster, well, busted.

Automation Evolution

Even the DVR experience has undergone automation changes. About 30 years ago, a human would insert a video tape into a VCR and program it to record a show. (That assumes that you could get past the blinking 12:00 on the VCR’s face.)

A couple of decades later, the DVR became part of your cable package, and if you could figure out the programming menu and knew the date, time and channel, you could program your show to record without a videotape.

Today, apps like YouTube TV recommend shows you might want to record, and you just press a “+” symbol.

If automation boomed during the industrial age, it has absolutely exploded in the technological age.

How Automation Helps Your Network Security

A significant percentage of an information security monitoring service is automated.

With the Garnet Shield™ service, for example, automation evolves as the relationship with the client matures. When Garnet Shield sensors are first installed, it is all about automation. Sensors scan the inbound and outbound traffic, gathering mounds of data that will be analyzed after a few weeks of initial monitoring.


The Garnet Shield sensors prioritize “signatures,” which are like fingerprints of suspicious traffic. One current client, for example, had more than 500,000 signatures passing through its network in just one week. Because this organization has been a client for several months, it has matured from the initial monitoring stage to the active blocking and analysis stage. Of the 544K signatures, 366K were blocked based on previously analyzed data and the rules that had been set. Rules are based on things like activity types, such as cryptomining, and on geo-blocking, which allows no traffic to or from countries where malicious traffic commonly originates.

Screenshot from a Garnet Shield report showing signature hits

Of the 177K signatures that were allowed to pass, 42 were escalated to be reviewed by the Security Operations Center (SOC). That means automation discarded about 99.98% of the allowed signatures as not significant enough to warrant an alert. More importantly, automation helped the SOC engineer concentrate on the 0.02% of signatures that potentially could cause harm to the client’s network. The engineer must then determine if the signature indicates a hacker is trying to access an employee’s work email, for example, or if it’s just the employee using a mobile device and failing because he is entering an outdated password.

New threats emerge every day, so the SOC’s job is never done; it just evolves, constantly intertwined with automation.
