Enabling Intelligent Security Remediation

For most cloud-based organizations, the sheer number of resources, services and users makes keeping up with changes across your digital environment nearly impossible. Security remediation as a practice becomes a game of security whack-a-mole.

Enter: Automate Security Remediation

To manage the constant changes, organizations are leveraging automation, though that automation can come in multiple forms, from automating ticket creation to automating the remediation itself.

In a security setting, organizations can turn to tools that identify issues and automatically remediate the problem without the need for oversight from the security team. This increases speed and can reduce the amount of time your organization is vulnerable.

But, this automation can have drawbacks.

Automated Security Remediation Drawbacks

Automated remediation can often conflict with an infrastructure-as-code approach, where the code is the source of truth. This often leaves developers confused about why their changes "do not work". Developers can waste hours, even days, debugging issues caused by automated remediation.

Second, allowing tools both access to audit configurations and privileged access to make changes can create an additional attack surface against your organization. Mistakes made by the vendor make your organization susceptible to attacks against the vendor.

This level of privileged access can even result in production downtime if the appropriate oversight is not in place.

Not only that, the security team still must follow along with the changes that were made to ensure the right adjustment occurred if they want to preemptively address potential IaaS issues. That means the time saved is just as quickly spent on the same initiative. Without that follow-up, though, you can wind up in situations where the automation impacts other resources and operations.

Lastly, it's critical to remember that automated remediation does not correct the root cause, that is, how the mistakes that resulted in the vulnerability were introduced in the first place. If the root cause is not addressed, the same mistakes and poor configuration hygiene can continue in your organization, unchecked.

Knowledge Versus Wisdom

The saying goes "knowledge is knowing what to do; wisdom is knowing when to do it."

Your environment is your environment: what counts as steady state and ideal depends on each organization's unique situation. So while automating remediation increases speed, it does so without situational context or understanding. As highlighted above, when things are done without context, the time saved is spent ensuring the changes were correct, and the changes themselves can have reverberating repercussions.

At JupiterOne, we believe your team knows your environment better than we ever will. So we've designed our platform to enable security remediation, not automate it.

Move Towards Security Remediation Enablement

Automation can have its place, but for more mature organizations, the real goal is enabling your security team to quickly spot and address issues as they arise, with the context of your environment and operations. Up to this point, JupiterOne has allowed you to configure webhooks or automate Jira ticket creation to alert your team to needed actions.

We are excited to announce our newest alert triggers for security enablement: the ability to create alert actions with SNS and SQS.

JupiterOne Team

The JupiterOne Team is a diverse set of engineers and developers who are working on the next generation of cyber asset visibility and monitoring.
