For most cloud-based organizations, the number of resources, services and users makes keeping up with changes across your digital environment nearly impossible. Security remediation as a practice becomes more like a game of security whack-a-mole.
Enter: Automate Security Remediation
To manage the constant changes, organizations are leveraging automation, though that automation can take multiple forms, from automating ticket creation to automating the remediation itself.
In a security setting, organizations can turn to tools that identify issues and automatically remediate the problem without the need for oversight from the security team. This increases speed and can reduce the amount of time your organization is vulnerable.
But this automation can have drawbacks.
Automated Security Remediation Drawbacks
First, automated remediation can often conflict with an infrastructure-as-code approach, where the code is the source of truth. This often leaves developers confused about why their changes "do not work". Developers can waste hours, even days, debugging issues caused by automated remediation.
Second, giving a tool both audit access to configurations and privileged access to make changes creates an additional attack surface against your organization. Mistakes made by the vendor can leave your organization exposed to attacks that target the vendor.
This level of privileged access can even result in production downtime if the appropriate oversight is not in place.
Beyond that, the security team still has to review the changes that were made to confirm the right adjustment occurred if it wants to preemptively address potential IaaS issues. The time saved is then just as quickly spent on the same initiative. Without that follow-up, though, you can end up in situations where the automation affects other resources and operations.
Lastly, it's critical to remember that automated remediation does not correct the root cause: how the mistake that produced the vulnerability was introduced in the first place. If the root cause is not addressed, the same mistakes and poor configuration hygiene can continue in your organization, unchecked.
Knowledge Versus Wisdom
The saying goes "knowledge is knowing what to do; wisdom is knowing when to do it."
Your environment is your environment: what counts as steady state and ideal depends on each organization's unique situation. So while automating remediation increases speed, it does so without situational context or understanding. As highlighted above, when changes are made without context, the time saved is spent verifying that the changes were correct, and the changes themselves can have reverberating repercussions.
At JupiterOne, we believe your team knows your environment better than we ever will. So we've designed our platform to enable security remediation, not automate it.
Move Towards Security Remediation Enablement
Automation can have its place, but for more mature organizations, enabling your security team to quickly spot and address issues as they arise, with the context of your environment and operations, is the real goal. Up to this point, JupiterOne has allowed you to configure webhooks or automate Jira ticket creation to alert your team.
We are excited to announce our newest alert triggers for security enablement: the ability to create alert actions with SNS and SQS.