Comment: Automated security analysis – learning to love change

Cohen says the right approach to automation can help IT teams embrace and keep ahead of change

Security would be easy if it wasn’t for all the changes, as any IT manager will tell you. Other sectors of IT, such as CRM or ERP, can continue to function efficiently without significant change for long periods of time.

But with security, every network extension, every opening or closing of a new office, every merger or acquisition weakens your security stance, and exposes your company to risk. And that’s before you consider the ever-increasing numbers of new threats, from malware and crimeware to hacking attempts.

Standing still isn’t an option – if you don’t adapt or change your security infrastructure and policies to keep pace, then your networks are exposed. Yet just the act of making network changes can introduce unexpected vulnerabilities – which in turn, further complicate the security issue.

So, how should IT teams scan and assess network devices, processes, and people to ensure consistent availability, security and compliance? The traditional approach is to undertake a lengthy, manual inventory of all existing equipment and assets, followed by a similar effort to identify all the rules that have been implemented across the network to ensure security, privacy, and compliance with regulations.

The chains of change

This manual approach creates its own risks. The IT team becomes distracted by stocktaking on networks, diverting resources away from strategic security tasks. And of course, once the inventory is complete, the network may change, or new risks may emerge – and the cycle begins again.

Is there a way to break the chains of change and stop playing constant catch-up? The answer is automation. Automated risk modeling tools can provide a complete and accurate picture of the organisation’s network, making it possible to simulate attack scenarios and compare possible responses.

This reduces human error, gives management a dashboard view of security, availability and compliance exposures, and gives IT teams accurate and prioritised action points to help mitigate critical risks.

Let’s look at an example of a company that took the path of automated risk modeling and management to help it save time and gain control of its growing, evolving network.

From manual to auto

A leading UK financial services company wanted more effective management and control of its estate of 200-plus firewalls, distributed across multiple offices and branches. It also wanted the ability to automate critical security processes, free up IT administration time, and enable staff to focus on other strategic issues.

As constant availability of financial information to its clients is key, the company needed to ensure its firewalls were secure and compliant with company requirements. This was complicated by the company’s recent, rapid growth, which meant greater network complexity to support a growing user base.

To monitor the security status of the network, the company relied on resource-intensive manual assessment projects. Identifying security gaps and potential compliance issues was an intensive chore, and based on the subjective viewpoints of engineering teams.

As a result, the company’s CSO decided that a strong layer of analysis and security process automation would provide the highest level of security possible. To solve its network security issues, the company conducted an evaluation of vendors offering solutions, such as rule base management.

However, these only solved a small part of the overall security and network management problem. The CSO wanted a solution that gave a complete picture of the entire network, enabling quick identification of where security holes exist.

The company chose an automated risk analysis solution that conducts analyses in a virtual environment, providing clear information on areas of concern, without impacting the network’s overall performance. Additionally, the CSO wanted to demonstrate that the appropriate controls are in place to validate the network’s security and compliance.

The company’s firewall managers can now better understand the rules that are causing problems and fix them before a security breach can occur. Prior to the solution’s implementation, penetration testing was regularly used, but its scope was narrow and did not provide a full view of potential firewall rule errors or mistakes.

Deployment matters

The implementation of any solution would have been challenging for the company due to the network’s complexity following several mergers. Once the implementation processes were identified, a network map was created using configuration data from the firewalls and routers. The company was quickly able to identify key areas of concern and put remediation plans into action.

Several significant results have been realised after implementing the solution. These include the ability to visualise a very complex network, identify threats to assets and mitigate them, and manage risk levels to a satisfactory level.

Automating network analysis has replaced manual processes, and the company feels it has introduced efficiency gains that could not otherwise have been realised. The ability to test future changes in a virtual environment prior to deployment saves time that was previously dedicated to problem-solving discussions within change control teams.

Vulnerability and compliance analysis is now run on a daily basis, providing clear reports on the network’s current connectivity and compliance status.

The company’s recent merger with another financial firm was the first big challenge for the new solution. The introduction of 3000 new employees, a network that was not completely understood, and the addition of devices not previously in the system have tested the scalability of the product.

According to the company, the solution has already proven to be more than capable of acquiring and automatically analysing large amounts of data that would have been unfathomable with manual processes. The automation gives a working, living model of the network: the ability to visualise actual threats and create a simulated attack scenario quickly identifies any asset that is susceptible to a potential security breach.

Change is always inevitable in security – but it doesn’t have to take over an IT team’s workload. With the right approach to automation, IT can embrace and keep ahead of change, without tears.

Gidi Cohen co-founded Skybox in 2002 and has guided the company’s vision and development of cyber security solutions for risk and compliance management. He is an expert in risk modeling, network analysis, and attack simulation for predicting and preventing potential cyber threats. Cohen holds bachelor’s and master’s of science degrees in computer science and mathematics from Tel Aviv University.