The idea of self-healing IT systems is very attractive to any IT director who wants to use valuable resources – IT staff and budget – on more strategic activities. Rather than using people to deal with business operational activities such as detecting and fixing common network issues, let the computers do it for us.
Much has been written about the benefits of automation: from improving network performance, creating more time for other activities, reducing human error and driving greater efficiencies. But what about the security benefits of self-healing IT systems? Are there rewards to be had in respect to information security?
‘Intelligent’ self-healing computers
Last month in Las Vegas seven computers battled against each other to discover which could learn to fix itself and protect against hackers. A Pittsburgh team – ForAllSecure – built a computer called Mayhem that won the $2 million prize and showed that it is possible for computers to find and patch their own flaws, reducing their exposure to cyber attacks.
Currently self-healing networks can only address known issues, using a knowledge bank of pre-defined and tested automation objects and IT processes. This means that IT departments need a clear picture of what those frequent issues are, especially those that could result in downtime and business critical consequences. In terms of security this means being able to withstand or quickly recover from cyber threats – malware, denial-of-service etc.
However, as the cyber threat landscape is ever evolving, a computer that can self-heal without human intervention is an exciting development. Many network vulnerabilities lie undetected for months; in fact, on average it takes 146 days for an organisation to discover that attackers are present on its network. So a computer that can proactively search for unknown vulnerabilities, and ‘learn’ about new threats, could transform how we manage cyber security.
Unfortunately, we’re not in this position yet. Instead, the onus remains on humans to be vigilant and protect their IT network and systems with all available tools. Threat detection is historically difficult, especially for advanced threats, which actively take steps to avoid detection. These threats are typically targeted at individuals or organisations and utilise a wide range of IT entry points.
This complexity, combined with the scale of most organisations’ IT assets, makes detection a challenge. Advanced threats are tackled with continuous monitoring, multiple layers of protection, and threat intelligence. Once threats are identified, systems can be protected, business continuity plans executed, and a patch developed; at this stage automation for future attacks could be implemented. Computers like Mayhem may have the solution to this problem.
Humans – No match for sustained attack
Along with the challenge of detecting advanced threats, IT departments have to keep up with high volumes of incoming threats that need a fast response. This is where automation can become a powerful part of an organisation’s incident management process, responding to known threats and freeing up IT staff for other activities.
This delivers the following key benefits:
Increased capacity: the volume of incoming threats in many organisations means IT staff simply cannot keep up. Automation ensures that threats are dealt with threat-by-threat, offering maximum protection.
Quicker response: hand in hand with increased capacity goes a quicker response. Once a problem is detected, it is dealt with according to a defined process.
Better decision-making: bad decisions are made when people are under pressure. Automation allows organisations to analyse data and make decisions using a robust set of rules. This also includes recognising exceptions where input from a human operator is essential.
Fewer errors: human error is often at the root of a cyber security incident, or can contribute to the escalation of an incident. Therefore, removing this variable from the equation, or at least part of the process, reduces this risk.
Improved efficiency: while IT teams may be concerned that robots are replacing them, in many cases this will not be the case. IT departments are already overstretched dealing with incident management, and automation allows teams to focus on more proactive and strategic activities. Savings are made by ensuring IT staff are delivering high-value work, rather than just ensuring that IT systems are up.
While it will take some time before the technology behind computers like Mayhem becomes commoditised into a cyber security tool, self-healing networks are a reality for dealing with many of the threats and common incidents IT systems are routinely exposed to.
By Peter Boyle, director, product management, Burning Tree