Enabling Intelligent Security Remediation

For most cloud-based organizations, the number of resources, services and users makes keeping up with changes across the digital environment nearly impossible. Security remediation as a practice becomes more like a game of security whack-a-mole.

Enter: Automated Security Remediation

To manage the constant changes, organizations are leveraging automation, which can come in multiple forms, from automating ticket creation to automating the remediation itself.

In a security setting, organizations can turn to tools that identify issues and automatically remediate the problem without the need for oversight from the security team. This increases speed and can reduce the amount of time your organization is vulnerable.

But this automation can have drawbacks.

Automated Security Remediation Drawbacks

First, automated remediation can often conflict with an infrastructure-as-code approach, where the code is the source of truth. This often leaves developers confused about why their changes "do not work". Developers can waste hours, even days, debugging issues caused by automated remediation.

Second, giving tools both access to audit configurations and privileged access to make changes can create an additional attack surface against your organization. Mistakes made by the vendor make your organization susceptible to attacks against the vendor.

This level of privileged access can even result in production downtime if the appropriate oversight is not in place.

Not only that, the security team still must follow along with the changes that were made to ensure the right adjustment occurred if they want to preemptively address potential IaaS issues. That means the time saved is just as quickly spent on the same initiative. Without that follow-up, though, you can wind up in situations where the automation impacts other resources and operations.

Lastly, it's critical to remember that automated remediation does not correct the root cause, that is, how the mistakes that resulted in the vulnerability were introduced in the first place. If the root cause is not addressed, the same mistakes and poor configuration hygiene can continue in your organization, unchecked.

Knowledge Versus Wisdom

The saying goes "knowledge is knowing what to do; wisdom is knowing when to do it."

Your environment is your environment: what counts as steady state and ideal depends on each organization's unique situation. So while automating remediation increases speed, it does so without situational context or understanding. As highlighted above, when things are done without context, the time saved is spent ensuring the changes were correct, and the changes themselves can have reverberating repercussions.

At JupiterOne, we believe your team knows your environment better than we ever will. So we've designed our platform to enable security remediation, not automate it.

Move Towards Security Remediation Enablement

Automation can have its place, but for more mature organizations, enabling your security team to quickly spot and address issues that arise with the context of your environment and operations is the real goal. Up to this point, JupiterOne has allowed you to configure webhooks or automate Jira ticket creation for alerting your team of actions.

We are excited to announce our newest alert triggers for security enablement: the ability to create alert actions with SNS and SQS.

JupiterOne Team

The JupiterOne Team is a diverse set of engineers and developers who are working on the next generation of cyber asset visibility and monitoring.
