Interview on Automated Malware Removal

Editor’s note: This interview was first posted on the Hexis Cyber website. – bg

Three Questions on Automated Malware Removal with Bob Gourley, Cognitio Corp and CTOVision

Another day, another data breach. While the emphasis, and the related spending, is still on malware detection, most incident response teams are in practice overwhelmed by the vast number of security alerts they receive. Effective detection matters, but only when it is paired with response and removal can companies keep the malware that does get into the system from doing damage. We asked Bob Gourley, partner and co-founder of Cognitio Corp and editor of CTOvision.com, why he is such an advocate for automation.

What’s driving the need to automate malware response and removal?
Bob Gourley: That’s simple. Companies need to automate because the adversaries are already doing it! Hackers are getting into company IT networks within seconds or minutes. Regardless of whether you automate or not, malware removal still needs to be done. While incident response teams are highly skilled, they still move at human speed. It takes months to clean up from an infection. Automation is necessary to have any chance at a solid defense against threats.

Then why haven’t more companies already embraced automation?

BG: CIOs and CTOs are responsible for keeping IT resources up and running. They are cautious about automating security for fear of disabling network operations and IT functionality. The security pros I know do use security automation today, but look for solutions that can be human guided, too. They want to understand the policy implications of automated device quarantine or malware removal before they field the solutions.

How will companies get over the hesitancy?
BG: Automation in security is not new. In the 90s, anti-virus signatures were automatically enabled to prevent viruses from entering the network. Even then it took some time for security pros to trust the technology. At first many companies stood up demo environments to test signatures. It took some confidence building, but once a few companies ran automation in production environments, the pack followed.

My advice to companies would be to start with a phased approach. Run a proof of concept in-line – not in a test environment – in a way that will be observable by incident response teams. Begin by automating detection, add automation of removal with human oversight and then turn on full automation when it’s clear that only then will the threats be taken out. One more thing — the C-level follows peers. As more CISOs start to automate removal, the concept will catch on like wildfire.
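The phased rollout described in the answers above (automate detection first, add removal with human oversight, then go fully automatic) and the operational fear raised earlier (automation taking down a production system) can both be expressed as a small policy gate in front of the response engine. The code below is an added illustration written for this page; it is not Hexis, Cognitio, or CTOvision code. The alert fields, host names, confidence threshold, protected-host list and per-window action cap are all constructed assumptions chosen to show the pattern, not values from any real product.

```python
"""Phased automated-response gate (added example, not from the original page).

Three phases map to the rollout in the interview:
  DETECT_ONLY  -> record what *would* be quarantined, execute nothing
  HUMAN_GATED  -> execute only once an analyst has approved the host
  FULL_AUTO    -> execute automatically, still inside guardrails
Guardrails address the "don't break operations" concern: a protected-host
list that is never auto-isolated and a blast-radius cap per window.
All names, thresholds and sample alerts are constructed for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Set


class Phase(Enum):
    DETECT_ONLY = 1
    HUMAN_GATED = 2
    FULL_AUTO = 3


@dataclass
class Alert:
    host: str
    verdict: str        # verdict from the detection engine, e.g. "malware"
    confidence: float   # 0.0 .. 1.0, as reported by the detector


@dataclass
class Decision:
    host: str
    action: str         # "quarantine", "log", "await_approval" or "blocked"
    reason: str


@dataclass
class ResponseGate:
    phase: Phase
    protected_hosts: Set[str]             # assets whose isolation would halt operations
    min_confidence: float = 0.9           # assumed threshold; tune per environment
    max_actions_per_window: int = 5       # blast-radius cap per evaluation window
    approvals: Set[str] = field(default_factory=set)  # hosts an analyst has cleared
    actions_taken: int = 0

    def evaluate(self, alert: Alert) -> Decision:
        """Decide what the response engine may do for one alert."""
        if alert.verdict != "malware":
            return Decision(alert.host, "log", "not a malware verdict")
        if alert.confidence < self.min_confidence:
            return Decision(alert.host, "log", "confidence below threshold")
        # Guardrail 1: never let automation isolate a host that keeps the business up.
        if alert.host in self.protected_hosts:
            return Decision(alert.host, "blocked", "protected host; manual handling only")
        # Phase 1: detection is automated, removal is only proposed.
        if self.phase is Phase.DETECT_ONLY:
            return Decision(alert.host, "log", "detect-only phase: would quarantine")
        # Phase 2: removal runs, but only after a human has approved this host.
        if self.phase is Phase.HUMAN_GATED and alert.host not in self.approvals:
            return Decision(alert.host, "await_approval", "human approval required")
        # Guardrail 2: cap how many hosts automation may act on before review.
        if self.actions_taken >= self.max_actions_per_window:
            return Decision(alert.host, "blocked", "blast-radius cap reached; review queue")
        self.actions_taken += 1
        return Decision(alert.host, "quarantine", "quarantine executed")

    def run_batch(self, alerts: List[Alert]) -> List[Decision]:
        """Evaluate a batch of alerts in order; the cap applies across the batch."""
        return [self.evaluate(a) for a in alerts]


if __name__ == "__main__":
    # Constructed sample alerts; "dc01" stands in for a domain controller.
    batch = [
        Alert("ws-7", "malware", 0.97),
        Alert("dc01", "malware", 0.99),
        Alert("ws-9", "malware", 0.40),
    ]
    for phase in Phase:
        gate = ResponseGate(phase, protected_hosts={"dc01"})
        for d in gate.run_batch(batch):
            print(f"{phase.name:12} {d.host:6} {d.action:15} {d.reason}")
```

Rolling forward is a matter of changing `phase` once the detect-only log shows that the proposed quarantines are the ones the incident response team would have made by hand; the protected-host list and the action cap stay in force in every phase, which is what lets the team turn on full automation without handing the tool the power to take the network down.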

Want to learn more? In a new whitepaper, Bob Gourley and Roger Hockenberry, his partner at Cognitio Corp, share insights on the shift toward response and removal automation, necessary since hackers are increasingly automating attacks. Download the complimentary whitepaper, “Automating Removal of Advanced Threats/Malware” here.


Bob Gourley writes on enterprise IT. He is a founder and partner at Cognitio Corp and publisher of CTOvision.com.