Though one might question if their origins were for good or evil, botnets have been used for both causes for years. For bad actors, botnets represent a cheap and powerful form of automation. With bots dispersed across a vast network of infected computers and controlled by a Command and Control (C2) server, automation directs the next action from the queue.
Malicious botnets are used for multiple purposes: distributing malware, stealing passwords, propagating spam, and launching DDoS attacks. The benefits are hard to ignore–botnets are a low cost, fast acting way to complete the mission. But why should automation be a tool used only by the bad guys?
With automation becoming increasingly popular in the SOC, it’s easy to wonder why it has taken so long for the good guys to stop showing up to the gun fight with a knife. Some would say that we’ve been forced to “carry.”
One driver for SOC automation is that our security deployments have gotten more complex. Twenty years ago, companies had just a few security products to manage – perhaps a firewall and anti-virus. Today, most are juggling dozens or more. I was recently at a CISO event where my informal poll of the crowd showed many enterprises are working with 25 – 30 different security vendors. Industry research suggests the number may even be higher. With more to manage, automation is an easy choice – and perhaps the only logical choice.
So where do you start?
We’ve developed a maturity continuum for automation and orchestration to help answer this question. As with other continuums, it’s a useful way to benchmark your progress in adopting this new technology as well as developing a strategic vision for the future. Download a copy of our whitepaper to explore the continuum in depth.
VP, Products & Marketing