
Ayehu extends IT automation into security automation

Linda Musthaler | July 21, 2014
This column is available in a weekly newsletter called IT Best Practices.

There's hardly a person in IT who doesn't have too much to do and too little time to do it. Since few IT departments are on a hiring binge, it's probably safe to say there are too few people handling the routine tasks that keep systems up and running, along with the never-ending firefighting. In short, most IT professionals are overworked and some might even be overwhelmed.

In the "work smarter, not harder" category of tools are those that provide for IT process automation. Such tools create a script of some sort that automatically executes every time certain conditions are met. The script contains a workflow of very specific tasks that a person would normally have to do, but in this case they can be automated to be completed with or without input from a human.

Good examples of activities ripe for automation are resetting a user's Active Directory password and restarting an application or service when it stops running. Short workflows of specific tasks can be set up to execute when some trigger event happens, such as a user sending a request to the help desk for a password reset.

Taking small activities like this off the plate of overworked IT professionals can free them up to work on more important assignments. However, many companies are finding they can automate more complex activities and even IT security processes to save considerable man-hours and to provide better network protection.

Long-time IT automation vendor Ayehu is moving into the security automation space by providing integration between its eyeShare automation software and security systems like SIEM, NAC, anti-virus and more. Security teams can use eyeShare to collect alerts directly from the security devices, verify the severity of the threat, communicate that severity to a security analyst who can make an informed decision on what action to take, and then execute remediation commands throughout the network. This can speed up the process of taking action when it's needed rather than waiting until a human can complete all of these tasks manually.

For example, intrusion detection software detects that a particular computer on the network has become infected with malware and sends an alert that eyeShare picks up. Using an automated workflow created by the security operations team, eyeShare can execute a sequence of commands to immediately disconnect that computer from the network to prevent spread of the malware. Going further, the user's Active Directory credentials can be disabled to prevent unintended escalation of access privileges. A help desk ticket can be generated to request remediation of the infected machine. Decision points can be built into the workflow to inject human intervention, such as to prioritize remediation based on the end user's role in the organization.

 
