From Cybersecurity Sisyphus to Cybersecurity Alchemist

Greek civilization is one of the most influential civilizations in the history of the world. Although people of all countries, eras, and stages of civilization have developed myths that explain the existence and workings of natural phenomena, recount the deeds of gods or heroes, or seek to justify social or political institutions, the myths of the Greeks have remained unrivaled in the Western world as sources of imaginative and appealing ideas. Many of today’s thoughts and ideas can be traced back to the Greeks. They gave us democracy, mathematics, drama, philosophy, and the Olympics.

While reading these mythical stories one starts relating many things in them: the characters, the philosophy of the story, sometimes the events narrated. When I was reading the story of Sisyphus, in which Zeus punishes Sisyphus for his wrongdoing, I was able to relate the punishment given to Sisyphus to the work done by cybersecurity professionals. Sisyphus was condemned to roll a boulder up a steep hill and watch it roll back down again under its own weight, after which he had to start over and push it up again.

Working as cybersecurity professionals, we go through this type of punishment time and again. Once we are done protecting the organization from one type of attack, another is already there to deal with. Not only do new attacks appear, but old attacks evolve to become more lethal. Take ransomware as an example: it evolved from encrypting endpoint data to encrypting storage, and now to exfiltrating data before encrypting it and holding the victim hostage.

The Sisyphus story made me think: is there any way to get rid of this punishment? I came across another story, that of the Greek god Hephaestus, or Vulcan in the Roman version, who was the god of fire and was regarded as an alchemist. He was intelligent, industrious, and persistent, and with these qualities he was able to extract different metals (gold, silver) from stone by applying heat. He used these metals to build himself a chariot to travel faster and handmaidens to serve him.

The story of Hephaestus gave me the answer: yes, we security professionals can transform ourselves from Sisyphus into Alchemist.

How to transform from Sisyphus to Alchemist

“It is not about which tools you have or how effective these tools are; the end result depends on how efficiently and effectively you make use of these tools to achieve it.”

  1. Robotic Process Automation (RPA) — Automated incident response and security orchestration can radically improve the efficiency of your security operations team by automating otherwise tedious and time-consuming security management tasks. Tasks that can be automated include:
  • Performing device discovery and inventory, and identifying exposed attack surfaces to counter cyber-attacks
  • Rolling out updates and patches automatically
  • Opening and closing tickets programmatically
  • Sending emails to key stakeholders
  • Processing suspicious email attachments for analysis
  • Automatically executing a remediation plan and/or flagging an incident for additional review
  2. Automation of Certificate and Encryption Key Management — This helps identify blind spots and shadow certificates in your environment. The following key and certificate management processes can be automated:
  • Issuing, renewing, installing, and revoking certificates
  • Certificate and key expiry notifications
  • Generating reports on keys and certificates issued, in use, renewed, etc.
  3. Automation of Identity and Access Management — The following three major tasks in identity and access management can be automated to reduce errors and the burden of repetitive work:
  • Automating password management, including employee recovery and resets, can be a major help for both employees and help desk teams.
  • Identity Lifecycle Management — onboarding (bringing an employee into the identity system), provisioning (giving that identity permissions as those permissions become necessary), deprovisioning (removing permissions as they become irrelevant to job functions), and offboarding (terminating an identity when the employee leaves)
  • Identifying orphan or rogue accounts
  4. Threat Intelligence Feeds with Context — Feeds that constantly update the current analysis process with changing indicators of compromise (IOCs). Use threat intelligence tools based on data science and AI/ML algorithms:
  • To provide a global view of threats, using supervised machine learning to analyze very large volumes of malicious and attack traffic and distill it down to the key characteristics that make malicious traffic unique
  • To provide a local view, using unsupervised machine learning models to learn what is specific to your environment, for example, using local learning to determine when a user behaves differently than in the past
  5. Proactive Threat Hunting and Assessment
  • Providing analysts with better, more comprehensive information about potential threats before they become a problem
  • Smarter triage tools that review SIEM alarms automatically, integrating event context to reduce time-consuming manual research
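As an added example, not from the original post, here is one way the identity lifecycle and orphan-account checks in item 3 could be automated: a reconciliation job that compares an HR roster against a directory export and produces onboarding, deprovisioning, offboarding and orphan-account actions. The roster, accounts, and role-to-group mapping are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    email: str
    status: str          # "active" or "terminated"
    role: str            # job function used to derive expected groups

@dataclass(frozen=True)
class Account:
    username: str
    owner_id: Optional[str]   # employee id linked to the account; None if unknown
    enabled: bool
    groups: frozenset

# Constructed sample data (hypothetical roster and directory export)
HR_ROSTER = [
    HrRecord("E100", "ana@example.test", "active", "engineer"),
    HrRecord("E101", "bo@example.test", "terminated", "engineer"),
    HrRecord("E102", "cy@example.test", "active", "finance"),
]
ACCOUNTS = [
    Account("ana", "E100", True, frozenset({"eng-ro", "eng-rw", "finance"})),
    Account("bo", "E101", True, frozenset({"eng-rw"})),
    Account("svc-legacy", None, True, frozenset({"admin"})),   # no owner at all
    Account("dan", "E999", True, frozenset({"finance"})),      # owner not in HR
]
ROLE_GROUPS = {"engineer": {"eng-ro", "eng-rw"}, "finance": {"finance"}}

def reconcile(roster, accounts, role_groups):
    """Return the lifecycle actions an automated IAM job would take."""
    by_owner = {a.owner_id: a for a in accounts if a.owner_id}
    hr_ids = {r.employee_id for r in roster}
    actions = {"onboard": [], "deprovision": [], "offboard": [], "orphan": []}
    for r in roster:
        acct = by_owner.get(r.employee_id)
        if r.status == "active" and acct is None:
            actions["onboard"].append(r.email)            # in HR, no account yet
        elif r.status == "terminated" and acct and acct.enabled:
            actions["offboard"].append(acct.username)     # left, still enabled
        elif r.status == "active" and acct:
            excess = acct.groups - role_groups.get(r.role, set())
            if excess:                                    # rights beyond the role
                actions["deprovision"].append((acct.username, sorted(excess)))
    for a in accounts:                                    # enabled, but nobody owns it
        if a.enabled and (a.owner_id is None or a.owner_id not in hr_ids):
            actions["orphan"].append(a.username)
    return actions
```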

“Any daily work task that takes 5 minutes will cost over 20 hours a year, or over half of a workweek. Even if it takes 20 hours to automate that daily 5-minute task, the automation will break even in a year.”

― Anthony J. Stieber

From the book Breaking into Information Security: Crafting a Custom Career Path to Get the Job You Really Want

To conclude this article — In the current situation, where cyber-attacks are increasing drastically and skilled cybersecurity resources are scarce, instead of punishing the cybersecurity team like Sisyphus, rolling the stone up time and again, the use of RPA and AI/ML-based tools (for example, a SIEM that integrates artificial intelligence and machine learning algorithms) can improve the analytic capabilities of the security team so that it makes quick and informed decisions, like an Alchemist.

Utilizing AI/ML-based tools such as EDR, MDR, and XDR to detect and respond to attacks, SOAR for managing security orchestration, and automation for repetitive tasks will transform cybersecurity from Sisyphus into Alchemist.

Protecting bits to save humanity, Cybersecurity's Changing Gameplan