RSA 2019 Highlighted the Importance of Automation – Making SOCs More Efficient
Earlier this month, Corero sent a team to the annual RSA Conference, where several education tracks and other exhibitors on the show floor also included discussions around the challenges of dealing with the latest wave of sophisticated distributed denial of service (DDoS) attacks. Among the other hot topics this year, keynotes and education tracks emphasized the need for human oversight and the role of security operations centers (SOCs). However, when it comes to modern DDoS attacks, many SOC teams still either miss them entirely or aren’t able to successfully mitigate them and maintain business continuity.
Mounting Pressure on SOCs and How SOAR Can Help
One common problem is that SOCs are drowning under the pressure of false positives and are dealing with an increasing number of fragmented tools to address this challenge. The industry is attempting to help with this through Security Orchestration, Automation and Response (SOAR), another hot topic at this year’s show. SOCs can certainly improve efficiency through integrated SOAR workflows, which bring disparate data sources together and make it more efficient for human security analysts to quickly discern differences between false positives and real threats. However, DDoS protection is one area where effective mitigation at the very perimeter of the network ensures the junk traffic these attacks bring does not cloud the view for these other security tools in the first place.
Solving False Positive Problems Through AI
Some are trying to solve the problem of false positive rates by using Artificial Intelligence (AI). Although AI was a big topic at this year’s conference, in my professional opinion this is at risk of being more hype than substance; it is certainly not going to be a silver bullet. As some of the keynotes highlighted, AI is only as good as its training data and models allow it to be. That is, it is very easy to use AI badly and potentially end up with poorer results. The issue of “trust” also came up; it is often difficult to understand why an AI algorithm made the choices that it did. This not only makes it difficult to train security staff, but could also make AI unsuitable in certain mission-critical environments, where automatic remediation decisions can have profound implications. It turns out that humans are very good at differentiating subtleties that computers still struggle with.
A Combination of AI and Systems That Learn for Themselves
AI and systems that learn for themselves certainly have the potential to drive security innovation, though. Indeed, the automatic DDoS mitigation in Corero’s SmartWall® solution is powered in part by machine learning that helps enable it to typically defend against over 95% of attacks without any human intervention, even protecting against new vectors not previously seen. This makes SmartWall one of the most effective solutions for protecting against DDoS attacks of all sizes, including low-level, non-saturating, and multi-vector attacks.
Combining Human Intelligence with Automation
Although it is possible to increase efficacy and reduce operating costs through intelligent automation, it still makes sense to empower humans by pairing them with machines; that combination delivers the most effective results. Security analysts need strong tools, with comprehensive visibility and oversight, which is why Corero's Security Operations Center (SOC) combines state-of-the-art monitoring and maintenance technology with highly experienced engineers to support customers before, during, and after a cyber-attack. The SecureWatch® monitoring and maintenance service ensures that the Corero SmartWall solutions are always up to date and running at peak performance, and that our customers’ networks are protected around the clock against the latest DDoS threats.
For over a decade, Corero has been providing state-of-the-art, highly-effective, automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. If you’d like to learn more, please contact us.
Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, which he joined as part of its acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.