Is SAP Cybersecurity Automation Right for Your Enterprise?
Jan 30, '20 by Joerg Schneider-Simon
Cyberattacks are now heavily automated. Is the solution automated cybersecurity?
Hackers are launching fearsome new attacks against SAP systems across multiple industries using self-directed software tools and processes. Malicious actors are using artificial intelligence and machine learning to scale their attacks to unprecedented levels, wreaking damage on companies and critical systems.
For many organizations, the only option for fighting automated attacks is automated cybersecurity. Let’s examine these attacks and what options are available.
Rise of the Machines
Cyberattacks are evolving from manual attacks to automated attacks in a number of ways.
Once a hacker guesses a password, they own your account. One way hackers automate this process is by credential stuffing, which repurposes stolen passwords to break into new accounts. This tactic is effective—and damaging—because so many workers use the same passwords across many platforms and accounts.
A password stolen from one account opens doors to other accounts. Hackers used credential stuffing to target Dunkin Donuts’ DD Perks rewards program in 2018. Hackers are also using machine learning to predict the passwords users will create in the future based on the passwords they have used in the past.
Hackers are deploying automated bots that launch attacks on their own, and the abilities of these bots are staggering. For example, security researchers with Cybereason recently conducted a “honeypot” experiment using a dummy online financial firm they created. Their bot hacked into the company, gained control of its network, scanned for employee workstations and stole all the data it could (3GB of data)—in 15 seconds.
“If exploit automation wasn’t enough of a concern for security teams, this technique has grown even more potent with attackers using bots that can automatically exploit vulnerabilities, create backdoors, dump passwords, conduct network reconnaissance and laterally move in seconds,” according to Cybereason’s report.
Artificial intelligence is transforming malware and attack toolkits, making them harder to recognize and more difficult to remove from networks. Traditional anti-malware tools look for known malware signatures. But shapeshifter malware (also known as polymorphic malware) makes simple changes to its code, letting attackers easily generate new binary signatures for the files. These signatures, by definition, will be unknown to traditional anti-malware tools.
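The limitation of exact signatures can be seen with harmless data. This added example (not from the original article) compares a hash blocklist with a simple byte n-gram similarity check; the similarity measure and threshold are illustrative assumptions that go beyond the article, not how any particular product works, and all byte strings are constructed and benign.

```python
import hashlib

def ngrams(data, n=4):
    """Set of all overlapping n-byte sequences in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a, b, n=4):
    """Jaccard similarity of the two n-gram sets (0.0 to 1.0)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    union = ga | gb
    return len(ga & gb) / len(union) if union else 0.0

# Constructed, benign stand-ins for a known file and a slightly altered copy.
KNOWN_SAMPLE = b"".join(b"benign-demo-block-%03d;" % i for i in range(40))
VARIANT = KNOWN_SAMPLE.replace(b"block-007", b"block-X07")  # one byte differs
UNRELATED = bytes(range(256)) * 4

# "Signature database": exact SHA-256 hashes of known files.
BLOCKLIST = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def classify(data, threshold=0.8):
    """Exact hash lookup first, then similarity to the known sample."""
    if hashlib.sha256(data).hexdigest() in BLOCKLIST:
        return "exact-signature-match"
    if similarity(data, KNOWN_SAMPLE) >= threshold:
        return "similar-to-known-sample"
    return "no-match"
```

The altered copy no longer matches the stored hash, so a hash-only check would report nothing, while the similarity check still relates it to the known file.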
Security analysts are predicting that soon we will see AI “nerve centers” that control and direct malware, turning them into formidable weapons. These AI-based malware weapons can hunt down specific targets inside a business or enterprise, cloak themselves against antivirus and other detection tools, and spread swiftly and uncontrollably across networks.
Given that some of the largest and most well-publicized breaches were the result of undetected malware, the rise of shapeshifter malware is cause for alarm.
Cybersecurity Automation, Defined
Cybersecurity automation uses software and hardware to automate manual, tedious and repeatable tasks. Automated vulnerability management software, for example, automatically detects and scans devices on an enterprise network. It then assesses each device against the security controls authorized by the organization and tells IT staff which devices are vulnerable and need remediation.
Cybersecurity automation predicts malicious behavior sooner and executes protections faster than is possible using manual methods. Here are three ways to use cybersecurity automation:
1. Make sense of threat data
Machine learning and automation help enterprises collect, sequence and analyze threat data across all attack vectors more quickly. This helps sift through mountains of data to uncover groups of threats that behave similarly, predicting new and upcoming threats.
2. Generate protections automatically
When hackers penetrate a network, the greatest threat is time. The longer the attack goes unnoticed, the more harm the hackers can do.
Cybersecurity automation tools are designed to create and distribute protections faster than hackers or malware can penetrate networks, endpoints and cloud. Automation expedites the process by predicting where the attack will go next, and deploying protections to that area automatically, without straining resources.
3. Detect infections you already have
To identify an infected network or suspicious behavior, you must analyze data from your network backwards and forwards in time. But correlating and analyzing data across your network, endpoints and clouds is difficult to do manually and impossible to scale. This is where automation comes in. Automated tools speed up analysis, detection and intervention.
Setting up SAP Cybersecurity Automation
There are multiple approaches to setting up cybersecurity automation. Some organizations may find it best to invest in out-of-the-box solutions that handle specific tasks such as:
- Robotic process automation (RPA)
- Security orchestration, automation and response (SOAR) and security information and event management (SIEM)
- Public key infrastructure (PKI) certificate and key management
Conversely, a custom-built automation solution may be your best option – whether it’s built in-house or handled by a third-party service provider.
Combined with a robust SAP virus protection system that blocks and screens for malware, cybersecurity automation is a powerful tool to keep your SAP system secure. In today’s environment, where the threats are automated and only growing in sophistication and volume, automating cybersecurity may be the only way for organizations to stay ahead of the onslaught.