SINGAPORE--Automation needs to be used more for IT security to improve cost efficiency, especially with fixed devices that do not require frequent updates, a McAfee executive said. However, there still needs to be innovation in automated tools to make them more collaborative with other brands, and more proactive in threat detection.
According to Michael Sentonas, Asia-Pacific vice president and chief technology officer (CTO) of McAfee, automation within security, such as application whitelisting and control, is still not being widely used by companies today. A lot of security is still being done manually, in a "hands-on" style, he observed in an interview here Thursday.
On the other hand, organizations have limited resources in terms of employees and their skills, and staff may not have the right skills to clean up or manage the security of a company, Sentonas explained.
Such manual security management is tedious, time-consuming and cost-inefficient, the McAfee executive pointed out. With the sheer number of targeted and zero-day attacks, companies need to resolve security issues in as little time as possible, he remarked.
By automating an organization with technologies that allow or deny applications and traffic, companies will save not just money but also time, and be able to prevent cyberattacks as quickly as possible, the CTO noted.
Within the organization, automated security or locking down of an environment can be best used with fixed-function devices such as data centers and critical infrastructure, Sentonas pointed out. They do not go through frequent updates or upgrades, so it is easier to roll out automated technologies on them, he explained.
That said, these automated technologies should not be deployed at user endpoints, where software and other technologies are often receiving updates, he remarked.
Tech needs to be more collaborative, proactive
Moving forward, in order for automated technologies to be more widely adopted, there needs to be more innovation around vendor solutions, Sentonas advised.
Many enterprises today use a variety of solutions to secure their endpoints, but these products are not able to communicate and end up "fighting with each other", such as one antivirus detecting the other as malware, he explained. This defeats the purpose of them working to protect a company's network, he added.
"You can't manage security in an organization if all these products cannot collaborate and share information. If they can work together, the organization will get layered security which is much more effective," Sentonas said.
Automated technologies within security are also very reactive in nature, Sentonas added. For instance, with antivirus, companies still need to update the signature file, the detection of malware and the types of applications to allow or blacklist, he pointed out.
There needs to be innovation around how these automated technologies can proactively allow or deny certain traffic, applications or files, and understand and react to behaviors in traffic patterns to prevent networks from getting attacked and compromised, the CTO said.