Automated security a recipe for disaster, experts say

Security experts warn that trying to automate network security is a recipe for disaster, according to SearchSecurity. The experts said too many chief information security officers have a compliance mentality. It’s more important to understand the organization’s mission and focus on protecting its most important data.

“The security industry has a tendency of moving something from having smart people to dumb processes. … Big data is not going to save you; it’s the people examining your big data that are going to save you,” said Marcus Ranum, chief security officer of Tenable Network Security, at the 2012 InfoSec World Conference in Orlando.

Ranum was joined in a panel discussion by security experts Chris Nickerson, founder of Lares Consulting in Denver; and Alex Hutton, the director of operational risk at a financial institution.

Nickerson criticized CISOs who apply compliance standards and other protection systems without customizing them to the way their companies do business.


“We’ve failed at learning the general rules of battle, and we’re now protecting things based on someone’s standard instead of knowing our boundaries and what we can and can’t do to protect those things to the best of our ability,” Nickerson said.

While the panelists railed against the shortcomings of many security professionals in protecting their companies’ systems from cyber attacks, they did point to some professionals who were changing their counter-threat operations.

Hutton pointed to a company that has successfully linked nearly all of its systems to its data warehouse, essentially changing its IT staff into a team of counter-threat operators.

This story is part of Federal News Radio’s daily Cybersecurity Update.