This Industry Viewpoint was authored by Mogan A.B, Rajesh Khanna, and Balaji TN of Prodapt Solutions
As security threats are on the rise, digital service providers (DSPs) need to focus more on threat detection and mitigation capabilities across their network, especially on the access network that serves residential and enterprise customers. Furthermore, they need to focus on the related metrics such as Mean Time to Detect (MTTD) and Mean Time to Mitigate (MTTM). Typically, a small team of technical support executives is deployed to handle the customer-facing security incidents (e.g. in the broadband service offered to residential or enterprise customers). While this team of experts is capable of handling regular day-to-day activities, it will be extremely challenging for them if there is a sudden security threat, which creates a huge volume of tickets to resolve in a short span of time.
Robotic process automation (RPA) is well suited to handling high-volume, repetitive and mundane tasks, and DSPs have begun leveraging it to automate various processes in provisioning, activation, fulfillment, assurance, and billing. However, using RPA to handle high-volume, low-frequency security tickets is unconventional in the communications industry. This article discusses effective strategies to implement standard and intelligent RPA in the DSP ecosystem. Automating the DSP security support processes using bots makes the whole process simpler, easier, and more cost-effective.
The high volume of security threats disrupts DSPs' business operations
Major security issues tend to occur rarely, but the scale of their impact disrupts normal business operations. Security teams, which typically tend to be small, are not equipped to handle the high volume of incidents when a major breakdown occurs. The graph shows the sudden spike in the number of unique IPs affected during the 48 hours of the WannaCry virus attack.
Traditional threat-handling processes and their challenges
The diagram below shows how the technical support team handles security incidents using the SSDP (Simple Service Discovery Protocol) security policy. For a new incoming issue, the technical support agent sends an alert to the customer. For a repeated issue, the technical support agent proceeds with suspending the service. When a low-frequency, high-volume security threat occurs, business operations are disrupted and immediate action is required.
Bandwidth issue: An unexpected volume of security tickets makes it almost impossible for the technical support agent to use manual threat analysis techniques to diagnose and fix security tickets.
More turnaround time: After the problem is identified, the recovery process takes time because it involves many human touch points across the work delegation, pre-diagnosis, and restoration phases.
Higher risk: During the restoration phase, the agent performs multiple interactive tasks with many integrated third-party systems, such as planning, network, provisioning, and activation systems. This increases the risk of impact on other systems.
Automation using intelligent RPA
By leveraging RPA capabilities, it is possible to automate mundane, repeated, rule-based security operations, giving support agents better access to information and enabling smarter and faster decision making. During periods of high incident volume, bots can be scaled automatically on demand to deal with known security issues with zero manual intervention.
Unassisted bots can work 24x7 when they are auto-configured. Typically, one bot can do the work of approximately 3-5 FTEs. After performing the initial diagnosis using a basic validation technique, the intelligent bot performs a deep audit to understand the impact of the infection. Based on this analysis, it gives recommendations from the repository. The diagram below shows how a self-healing bot with intelligent capabilities achieves zero-touch resolution.
The repository has different templates with various automated quick-fix scripts. It maps the checklist to the identical problem in the list of known, repeated and common issues. After generating a quick-fix script for a specific issue, it shares the execution commands with the fixing bot, which then fixes the problem by executing specific action scripts via command windows or a PuTTY console.
Benefits of RPA in security operations
- Achieve 61% instant cost savings and improved operational efficiency with RPA implementation in security operations
- Achieve 35% to 40% development time savings by developing reusable bots
- Proactive notification and agile response to security incidents improve credibility and customer satisfaction
- Existing bots can be repurposed to handle other security back-office tasks, e.g. destructive attacks, DDoS attacks, and unauthorized access
Mogan A.B, Manager - Strategic Insights, Prodapt Solutions
Rajesh Khanna, Assistant General Manager - TOPS, Prodapt Solutions
Balaji TN, Transition Manager - TOPS, Prodapt Solutions