Commit

add image, tweak indents
Tana Berry committed Nov 30, 2023
1 parent c50ca8e commit 930399c
Showing 1 changed file with 32 additions and 32 deletions.
Expand Up @@ -20,14 +20,15 @@ tags:
- Authentik Security
hide_table_of_contents: false
image: ./authentication.png

---

> **_authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a [public benefit company](https://github.com/OpenCoreVentures/ocv-public-benefit-company/blob/main/ocv-public-benefit-company-charter.md) building on top of the open source project._**
---

Automated security plays a large and increasingly overarching role in cybersecurity. With the growth of Machine Learning (ML) and Artificial Intelligence (AI), automation is frequently assumed to be the future of cybersecurity as a whole. However, thanks to the work of computer security experts like [Bruce Schneier](https://en.wikipedia.org/wiki/Bruce_Schneier), we've gained insight into the human adversaries that create the underlying problems in cybersecurity. The best response to these malicious actors is to think like a security expert and develop the security mindset.
Automated security plays a large and increasingly overarching role in cybersecurity. With the growth of Machine Learning (ML) and Artificial Intelligence (AI), automation is frequently assumed to be the future of cybersecurity as a whole. However, thanks to the work of computer security experts like [Bruce Schneier](https://en.wikipedia.org/wiki/Bruce_Schneier), we've gained insight into the human adversaries that create the underlying problems in cybersecurity.

> The best response to these malicious actors is to think like a security expert and develop the security mindset.
In this blog post, we examine why automation is such a popular solution to cybersecurity problems—from vulnerability scanning to risk assessments. Then, we will look at those tasks in which security automation by itself proves inadequate, with particular focus on automatic scanning. Next, we make a positive case for why the human factor will always be needed in security. Finally, we will propose that good security isn't a feature. It's a proactive security mindset that's required—one with a human element at its core.
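
Review bot: The new blockquote line `> The best response to these malicious actors ...` is followed directly by `In this blog post, we examine ...` with no blank line between them, so Markdown's lazy continuation will render that whole paragraph inside the quote. Add an empty line after the `>` line so the callout stays a single sentence.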

Expand All @@ -39,8 +40,8 @@ In this blog post, we examine why automation is such a popular solution to cyber

Automated security is such a popular option purely because of the current dynamics:

- On the one hand, there is a growing number of security incidents, instigated by systematic threat actors who may use the exact same auto security testing tools to find and target weaknesses
- On the other, there is a shortage of trained cybersecurity professionals with adequate time resources to deal with those threats
- On the one hand, there is a growing number of security incidents, instigated by systematic threat actors who may use the exact same auto security testing tools to find and target weaknesses
- On the other, there is a shortage of trained cybersecurity professionals with adequate time resources to deal with those threats

Meanwhile, companies concerned about the security of their networks are facing the demands of savvy insurers keen to reduce their risks in turn, while CISOs are coming under increasing personal pressure, considering some have faced new warnings of personal liabilities (including jail time, as we wrote about in a [recent blog](https://goauthentik.io/blog/2023-11-22-how-we-saved-over-100k#repercussions)) from government legislators.

Expand All @@ -54,37 +55,37 @@ Let’s not throw the baby out with the bath water. Automation has a place and p

Examples of these include:

- Scheduled tasks such as vulnerability scanning
- 24/7 user and other activity monitoring
- Actions that require speed such as detecting and immediately responding to malicious intrusions
- Scheduled tasks such as vulnerability scanning
- 24/7 user and other activity monitoring
- Actions that require speed such as detecting and immediately responding to malicious intrusions

Removing tasks like these from the manual operations of your SOC (security operations center) aids efficiency, supports your security team, and helps ameliorate any skills shortage.

What are the benefits of an automated security system?

Automated security also excels in:

- Reducing human error
- Eliminating manual steps
- Lowering the number of false positives
- Updating software
- Helping with compliance
- Enhancing incident response and threat intelligence
- Reducing human error
- Eliminating manual steps
- Lowering the number of false positives
- Updating software
- Helping with compliance
- Enhancing incident response and threat intelligence

## Why automation is a threat to cybersecurity

If automation is such a popular and necessary asset in the cybersecurity field, why can't we automate everything?

*Let’s think: Could over-reliance on automated security testing ultimately prove detrimental to cybersecurity and threaten the safety of your systems?*
_Let’s think: Could over-reliance on automated security testing ultimately prove detrimental to cybersecurity and threaten the safety of your systems?_

To help avoid this, we need to acknowledge that automation can't:

- Keep security teams up to date with new standards, such as the NIST Cybersecurity Framework; the ISO/IEC 27001 standard for information security management; the CIS Critical Security Controls; the OSSTMM; the Web Application Security Consortium (WASC 2.0); or the finance standard of PCI Data Security Standards for the payment card industry
- Adjust your internal security policies and practices to all the nuances of relevant industry, country or regulations such as NIST SP 800-52; The California Consumer Privacy Act: the Canadian PIPEDA; the EU’s GDPR; or HIPAA’s personal health data legislation
- Rapidly respond to every new CVE or every item that makes an appearance in the SANS Top 25, or the most common vulnerabilities listed in the OWASP lists
- Ensure that your own internal cybersecurity protocols and policies are enforced
- Keep security teams up to date with new standards, such as the NIST Cybersecurity Framework; the ISO/IEC 27001 standard for information security management; the CIS Critical Security Controls; the OSSTMM; the Web Application Security Consortium (WASC 2.0); or the finance standard of PCI Data Security Standards for the payment card industry
- Adjust your internal security policies and practices to all the nuances of relevant industry, country or regulations such as NIST SP 800-52; The California Consumer Privacy Act: the Canadian PIPEDA; the EU’s GDPR; or HIPAA’s personal health data legislation
- Rapidly respond to every new CVE or every item that makes an appearance in the SANS Top 25, or the most common vulnerabilities listed in the OWASP lists
- Ensure that your own internal cybersecurity protocols and policies are enforced

*But what else?*
_But what else?_

The first point to remember is that automated solutions can only reliably alert and respond to the threats to your network, services, databases, APIs, and applications that they've been configured to detect. This configuration is limited to the settings available in the particular software. Auto security testing tools are only as good as the rules that human security engineers have given them. They still must be configured and employed accurately.
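
Review bot: `What are the benefits of an automated security system?` sits in this hunk as a bare line while the sections around it use `##` and `###`; if it is meant as a subheading, mark it up as one so it shows in the table of contents (`hide_table_of_contents: false` is set in the front matter). Since the compliance bullet is being re-indented anyway, `The California Consumer Privacy Act: the Canadian PIPEDA` should use a semicolon like the other items in that list.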

Expand All @@ -96,7 +97,7 @@ Also, malicious hackers can use automated security techniques just as much as de

In the case of social engineering attacks that we’ve just mentioned, a security-oriented mindset is what will keep your staff watchful—not the knowledge of automated tools.

*Could mindset, then, be the greatest weapon in your defensive arsenal? Let’s explore further.*
_Could mindset, then, be the greatest weapon in your defensive arsenal? Let’s explore further._

### What elements are crucial to a security mindset?

Expand All @@ -108,10 +109,10 @@ Further, it is the practice and discipline of working in cybersecurity that give

While automated scanning tools can provide a major asset in the arsenal of any cybersecurity professional, we must honestly acknowledge their weaknesses when set side-by-side with a human:

- An automated scanner can miss vulnerabilities if they are new and not in its database, or if the vulnerability is complex and adaptive. Scanners can only hunt for known vulnerabilities, and according to how automated scans are further configured by users.
- The problem of false positives can never be completely eliminated even by the most accurate scanners. In the end, a human expert is needed to filter them out.
- Detecting vulnerabilities is only the start. And, while some scanners assign an urgent priority to their findings, human expertise is needed to assess the *specific* implications of these vulnerabilities for the platform, system or business.
- Once vulnerabilities are detected, fixing and patching them is a manual process. A vulnerability report is a starting point. Identifying a vulnerability is one thing; successfully remediating it is another. Further, security engineers will sometimes also have to further reengineer their code, to ensure a similar problem does not recur.
- An automated scanner can miss vulnerabilities if they are new and not in its database, or if the vulnerability is complex and adaptive. Scanners can only hunt for known vulnerabilities, and according to how automated scans are further configured by users.
- The problem of false positives can never be completely eliminated even by the most accurate scanners. In the end, a human expert is needed to filter them out.
- Detecting vulnerabilities is only the start. And, while some scanners assign an urgent priority to their findings, human expertise is needed to assess the _specific_ implications of these vulnerabilities for the platform, system or business.
- Once vulnerabilities are detected, fixing and patching them is a manual process. A vulnerability report is a starting point. Identifying a vulnerability is one thing; successfully remediating it is another. Further, security engineers will sometimes also have to further reengineer their code, to ensure a similar problem does not recur.

Of course, automatic scanners are excellent assets for speed and quick action, repeatability, ease of use, and constant monitoring. They can provide a good starting point for further investigations, not an end point. But they are not equivalent to a full penetration test and can only find risks that are known.

Expand All @@ -121,7 +122,7 @@ AI and machine learning contribute to the speed and accuracy of dealing with ris

## The human factor in cybersecurity will always be required

The fact that there are automated tasks and processes in cybersecurity does not mean that the good security as a whole is autonomous or automatic. Security is more about developing a *security mindset* than a set of features.
The fact that there are automated tasks and processes in cybersecurity does not mean that the good security as a whole is autonomous or automatic. Security is more about developing a _security mindset_ than a set of features.

For further information on the human element in SaaS security, see [Securing the future of SaaS: Enterprise Security and Single Sign-On](https://goauthentik.io/blog/2023-07-28-securing-the-future-of-saas#good-security-cant-be-automated-the-human-element-in-saas-security).
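
Review bot: The rewritten sentence still reads `does not mean that the good security as a whole is autonomous`; the stray `the` before `good security` carries over unchanged from the old line. Drop it while the line is being touched.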

Expand All @@ -131,7 +132,7 @@ Humans are at the forefront of cybercrime. Cyber crimes are committed by human b

For example, if your company does not have a 2FA/MFA credential policy, vulnerabilities exist around whether your staff share user credentials to save them time and stress. If these credentials are not updated regularly, or worse, if they’re shared by email, any moderately skilled, malicious hacker could attempt to access the email account of a single user,  and use it to find other company passwords. It is these human weaknesses and errors that most bad actors hackers rely on.

*Over 80% of malicious hacks are as a result of the exploitation of the widest weakness of all—predictable human behavior.*
_Over 80% of malicious hacks are as a result of the exploitation of the widest weakness of all—predictable human behavior._

### Human elements of cybersecurity
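
Review bot: The emphasized line `_Over 80% of malicious hacks ..._` states a figure with no source; link the report it comes from or soften the claim, and `are as a result of` can simply be `result from`. The context paragraph above it also has `most bad actors hackers rely on` and a stray space before the comma in `a single user,  and`, which are worth fixing in the same pass.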

Expand All @@ -143,18 +144,17 @@ Once new and significant threats are detached by the automated security, it is h

Despite the growing technology around automated security, and the temptation to relax when it is deployed, there are human factors that are irreplaceable in the practice of cybersecurity. We recently wrote about the importance of the “Blue Team” and how [organizational and product hardening](https://goauthentik.io/blog/2023-11-22-how-we-saved-over-100k#hardening) are an integral part of our human-centered security mindset.

- The human ability to think creatively and rapidly adapt to changing situations are invaluable to good security processes.
- The higher the security risk, the more related processes must be supervised by skilled security professionals.
- After automation has quickly gathered information, humans are needed to make any well-informed security and organizational decisions that may arise.
- Exclusively human tasks include containment, triage, remediation, and launching new initiatives such as better responses (see [Okta got breached again and they still have not learned their lesson](https://goauthentik.io/blog/2023-10-23-another-okta-breach)).
- Only humans can know the commercial implications of a data breach.
- The human ability to think creatively and rapidly adapt to changing situations are invaluable to good security processes.
- The higher the security risk, the more related processes must be supervised by skilled security professionals.
- After automation has quickly gathered information, humans are needed to make any well-informed security and organizational decisions that may arise.
- Exclusively human tasks include containment, triage, remediation, and launching new initiatives such as better responses (see [Okta got breached again and they still have not learned their lesson](https://goauthentik.io/blog/2023-10-23-another-okta-breach)).
- Only humans can know the commercial implications of a data breach.

## The security mindset is not a feature

One misconception is that for every cybersecurity problem or threat, there is an automated feature in some software somewhere that can match it.

> Some cybersecurity software plans seem to promote feature-rich products but forget to promote highly skilled and aware cybersecurity teams with a proactive security mindset.
>
Companies have become too dependent on automation, due to the overwhelming volume of threats and frequency of attacks. This overreliance can cause all sorts of unintended problems—alert fatigue, data overload, devaluing human expertise and input, and an inability to handle zero-day (previously unknown) vulnerabilities.
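
Review bot: At the end of this hunk the `> Some cybersecurity software plans ...` quote and the `Companies have become too dependent on automation ...` paragraph are separated only by a bare `>` line, and the header shows the new side one line shorter (18 to 17); if that `>` is what goes and no blank line takes its place, lazy continuation will pull the paragraph into the blockquote. Keep an empty line between the two. Separately, the bullet `The human ability to think creatively and rapidly adapt ... are invaluable` needs `is` in place of `are`.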
