Advanced SOC Operations / CSOC , Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development
Panel: How Automation Enhances Detection and ResponseExperts Share Insights on Using Automation to Reduce Risk in Financial Services
When it comes to advanced threat response, most financial institutions say their current abilities are average. Only one-third say automation is crucial to how they identify and respond to threats. This panel of APAC and ANZ experts analyzes the state of security automation in financial services, the need for seamless integration and interoperability with tools and technology stack, and a well-orchestrated approach that helps detect, respond and remediate threats.
Attacks can be damaging as threat actors gain access and move laterally through your systems, collect data in a central location and then encrypt it and send it out of your environment, says Leonard Kleinman, field CTO and evangelist in JAPAC for Palo Alto Networks' Cortex, an integrated suite of AI-driven, intelligent products for the security operations center. "When you understand those behaviors, you can start to use automation through a playbook that identifies and looks for those types of behavioral activity that allow organizations to identify cybercrimes as they happen," Kleinman says.
Ian Lim, field chief security officer in JAPAC for Palo Alto Networks, warns that attackers are applying multiple stages of automation to their techniques. "While the attackers are automating stage one, we are fighting manually," Lim says. "Automation should be implemented in stage one when a lot of these initial alerts that you're drowning in need to be orchestrated and automated, so that we can focus on threats."
To implement advanced automation, Shivkumar Pandey, group chief information security officer for the Bombay Stock Exchange, recommends focusing on four critical parameters - integration, identifying repetitive incidents, scale and resources. "Automation is a journey, and the first thing to automate is L1, which is to identify repetitive incidents and automate the process to respond faster," Pandey says.
In this video interview with Information Security Media Group, these experts discuss the findings of a recent survey with Palo Alto Networks and Accenture and how to:
- Automation security controls to deliver visibility and monitoring across the entire infrastructure;
- Use automation to reduce supply chain and other forms of risks;
- Take a practical approach to implementation to improve operational efficiency, reduce incident response times and streamline processes.
Pandey has more than 21 years of industry experience driving information technology and information/cybersecurity across the banking and financial sector, stock exchanges and telecom organizations. Before joining BSE, he was associated with the National Payment Corporation of India, Reliance JIO, SUD Life, Future Generali India, Kotak Mahindra and TATA AIG.
Kleinman works with executives and business stakeholders to make security a strategic priority that translates into business value and assists in developing a risk-based cybersecurity culture to protect our digital lives. He has close to 32 years of experience in information technology and cybersecurity. A security technology community activist, he is involved in and supports several cybersecurity and technology organizations and regularly speaks at security events. He is also an adjunct professor at Deakin University.
Lim is field chief security officer for Palo Alto Networks in APAC. He helps develop innovative solutions, threat prevention strategies and risk management frameworks for business executives and the wider cybersecurity community. Lim has more than 20 years of cybersecurity experience and has led global security departments for Fortune 100 companies, deploying defense-in-depth capabilities to thwart advanced attacks.