The rapid success of automation today is largely attributed to the ability of computer vision to accurately and quickly emulate human tasks through the user interface. Hyperautomation, a term coined by Gartner1, correctly emphasizes the extraordinary time-to-value advantage and acknowledges the real power of combining Robotic Process Automation (RPA) with artificial intelligence (AI) and machine learning (ML).
RPA has already delivered digital transformation faster than any other technology and it has done so by focusing on business outcomes first and foremost (rather than just the ‘thrill’ of introducing technology for technology’s sake). Unique to almost any other software technology, automation delivers significant day one value. Software robots deliver outcomes immediately.
Robots have proven vital in almost every business-critical process. One has to look no further than the 2019 novel coronavirus (COVID-19). Automation proved to be one of the only technologies in the toolkit to rapidly respond to strains in hospital systems and governments everywhere. Automation has helped nurses spend more time with patients. And, it is helping speed clinical trials in the race for a vaccine and life-saving therapeutics.
Another area where speed-to-respond matters is cybersecurity. Your business depends on how fast you respond and protect against new threats. It’s a race against the bad guys. It’s a race our robots can win.
Applying automation to cybersecurity to protect customers
Let’s consider a trivialized security workflow, for a moment. Let’s imagine there’s something ‘bad’ that poses a threat and we want to protect ourselves against it.
If we know what the threat looks like, we can keep watch. Practically speaking, we’ll likely need to keep watch across a pretty expansive threat surface that includes cloud environments, networks, and endpoints. A threat surface is the total number of possible security risk exposures.
Because attackers don’t need a lot of time to cause damage or disruption, we’ll need to keep watch in real time—or as close to real time as is possible. That means subscribing to updates from, or pulling updates from, the threat surface (plus logs, for good measure).
Where do those streams of real-time data go? To a central system, like an external data representation (XDR), that can normalize and aggregate the data and search for signs of a threat.
How is a threat spotted? Recall that we said “if we know what a threat looks like.” But that can mean lots of things—a specific malware signature, a behavioral pattern, or a series of events that individually are innocuous but that in combination reveal a sophisticated attack. The XDR applies a number of techniques to determine with some degree of confidence whether or not the data has captured evidence of an attack.
Oh, and how do we know what to look for?
Well, ideally we have a team of ‘threat hunters’ conducting proactive research. But we also want to help them out by equipping them with tools that can learn threat patterns and reveal links that might escape human ‘detection.’
OK, circling back: the system has spotted something suspicious. Do we automatically implement some sort of response? If so, where? And how? Or do we flag an analyst for examination?
So far, we’ve only considered one single threat out of the countless ones that exist. Let’s now extend the example to include all threats—even ones we don’t know how to recognize.
And, further, we’ll extend the environment to include a whole host of security products and solutions from a number of vendors.
Even with this simple example it’s clear that modern cybersecurity depends on complex workflows that themselves involve:
- Consuming and processing information
- Deciding when and where to take action
- Implementing those actions
- Measuring the response (i.e., did it work?)
RPA offers an improvement, because it makes automation more accessible. But hyperautomation offers a whole new level of potential to automate, accelerate, and improve security responses. Hyperautomation means that:
- Security teams can keep pace with the increasing number of security alerts and potential incidents, because more tasks are automated and improved analysis leads to fewer wasteful false positives
- Responses—whether entirely automated or still dependent upon human involvement—are implemented faster and more accurately.
- Things that couldn’t be automated before—say, because there isn’t an API—can be incorporated into the automated workflow.
Within eSentire’s Atlas (think of it as a proprietary, cloud-native XDR platform) the UiPath hyperautomation capabilities do all of these things and more.
And the simplified example above is still only really scratching the surface: the potential really is boundless.
Just the beginning
Earlier today, eSentire and UiPath announced a partnership to bring robots to cybersecurity. While the press release captures the reasons why we’re so excited to work together, we wanted to use this blog post to dive a little bit deeper into why automation is so important to creating positive security outcomes.
As eSentire CEO Kerry Bailey said in the press release: “The need for end-to-end security automation tools and techniques will continue to expand, becoming an integral part of an organization’s cybersecurity roadmap, with this attention on Microsoft Security only the beginning of what we plan to tackle with our new UiPath RPA capabilities.”
Many companies have Microsoft Cloud Security today. But most do not have the staff or resources to rapidly respond to new threats that can happen at any time. Now, you have eSentire’s security expertise and UiPath robots on your side.
Sign up for free to protect your business today. Together, e-Sentire and UiPath robots will have your back.
Editor's note: This blog post was co-authored by Bobby Patrick, Chief Marketing Officer (CMO) at UiPath, and Dustin Hillard, Chief Technology Officer (CTO) at eSentire.
1Source: Smarter With Gartner “Gartner Top 10 Strategic Technology Trends for 2020,” October 21, 2019.