Accelerating Cyber Resilience Through Automation

Key Points

  • Cyber resiliency means an organization can quickly and effectively recover from cyber attacks, reducing the current average recovery time of 23 days.
  • Prolonged recovery increases the amount of compromised data—potentially petabytes—making the restoration process more complex and costly.
  • Achieving faster recovery relies on five key steps: strong foundational security (SIEM/SOAR), rapid detection of anomalies, swift recovery actions, maintaining immutable data snapshots, and extensive automation.
  • Automation ties the process together, enabling coordinated detection, response, and restoration to minimize downtime and keep both IT staff and CISOs from facing lengthy, painful recovery timelines.

Source: https://www.youtube.com/watch?v=S9c7oy-QXHI
Duration: 00:03:55

Sections

  • [00:00:00](https://www.youtube.com/watch?v=S9c7oy-QXHI&t=0s) Cyber Resiliency: Reducing Recovery Time - The speaker defines cyber resiliency, highlights the current 23-day average recovery period for attacks, and stresses the need to shorten downtime to protect massive data workloads.
  • [00:03:05](https://www.youtube.com/watch?v=S9c7oy-QXHI&t=185s) Immutable Snapshots and Automated Recovery - The speaker explains that using immutable snapshots together with automation enables organizations to quickly revert to a known-good state after a cyber-attack, reducing human error and recovery time, thereby enhancing cyber resilience.

Full Transcript

0:00 What is cyber resiliency?
0:02 Well, to put it simply, it's the ability for an organization
0:05 to quickly and effectively recover from a cyber attack.
0:09 Now, these attacks affect small businesses all the way up to enterprise.
0:13 And with the increase in complexity and frequency of these attacks,
0:17 it's more important now than ever for anyone involved in an organization's data
0:21 to understand what it means to be truly cyber resilient.
0:25 So what does it take to be cyber resilient?
0:28 Well, let's talk about time first.
0:29 Now, if we take this timeline,
0:33 and this represents the days it takes to recover from a cyber attack.
0:39 The average right now is 23.
0:42 Now, this is a nightmare scenario for the CISO all the way down to the I.T. admin.
0:47 Any CISO does not want to explain why
0:51 they're still 23 days in and they haven't recovered yet,
0:54 and the IT admin is having to do this recovery that whole time.
0:57 And to further illustrate why it's important
1:01 to recover more quickly than this, we can add the data, Y-axis, to this.
1:07 Now, if this is your data,
1:10 every day that passes by,
1:12 we have more and more of our workload being affected.
1:17 Now we're talking about petabytes at this point.
1:19 And this just further illustrates what a headache this can be,
1:23 which it also makes it evident what we want to do,
1:26 which is we want to reduce this time to recover
1:29 closer to this side of the timeline.
1:31 Now, what this does with the workload amount
1:34 is it makes a much nicer slice of pie to recover from.
1:40 Now this makes the IT admin happy, and this makes the CISO happy
1:43 because they don't have to explain why it's taken 23 days.
1:46 Maybe it's done in a shift now.
1:48 So what is involved in achieving this result?
1:51 Well, there's five steps.
1:56 The first one is your foundational security.
1:59 Now this is your SIEM and your SOAR.
2:04 These are the folks that are keeping most of the bad guys out of the castle.
2:09 Now, I say most because it's not going to catch everyone.
2:12 And it truly is not a matter of if, but when someone gets through.
2:16 So what do you need to do then?
2:18 Well, we need to figure out something is going on, right?
2:21 So detecting is the next part.
2:24 And it's not enough to just detect an anomaly.
2:27 We have to do this quickly,
2:30 because nothing can kick off in this process
2:33 until we know something's going on.
2:35 Now, the next step once we've detected, is to recover.
2:42 And this similarly has to be done quickly
2:45 because we can detect quickly and not recover quickly.
2:48 And we're still back at the 23 mark.
2:50 But if we can detect quickly and recover quickly,
2:52 we're much closer to bringing our recovery time
2:55 closer to our ideal goal.
2:57 Now, what are we recovering?
2:59 Well, we need to have a copy of our data
3:01 that hasn't been encrypted and held for ransom.
3:05 So we need to have an immutable snapshot available to us,
3:10 that we can recover from.
3:14 And what an immutable snapshot allows us to do
3:17 is it allows us to go back in time basically
3:19 to before the attack
3:21 to a known good copy of our data that we can then recover from.
3:25 And the last step that is the glue for all of this
3:29 is automation.
3:31 When we automate this process, we eliminate human error
3:35 and also speed up every step in the process
3:38 so that we're dragging this workload
3:40 and time to recover all the way back down to here.
3:44 So when we understand what we need to focus on
3:47 and also the steps that it takes to truly recover from a cyber attack,
3:51 we're that much closer as an organization to being cyber resilient.