Abuse desks, working with customers, sorting out technical difficulties and keeping up to date with the disparate tools, while maintaining the company reputation is taxing on the mind, body, and soul. So, when we add a tsunami of abuse reports identifying potentially malicious intent that need to be processed, we run into the issue which we see plaguing network and service operators, registries and registrars, as well as enterprise security everywhere: abuse management fatigue.
To truly help defeat the wave of network threats and reduce fatigue, there needs to be a well designed enterprise grade automated solution, not scripts. If not done right, homegrown automation solutions without the right components, could lead to disastrous results like the one that happened with Zoho earlier today where Zoho’s domain registrar overstepped its attributes and took Zoho.com down.
Revealing more details on Twitter later in the day, Zoho CEO Sridhar Vembu blamed the entire problem on one of TierraNet's automated abuse report systems.
"Basically an automated system triggered this action and then once a human realized what happened, it was rectified," he said.
How could this have been prevented? The answer is simple: Orchestration.
Simply put, Orchestration is the front end of automation, which aligns the tools and processes with the business needs. Orchestration defines the policies and service levels that are then enforced using automated workflows with weaved-in human intervention wherever applicable.
Only a true orchestration and automation solution can help resolve network abuse incidents without disastrous results. In Zoho’s incident, orchestration could have forced human intervention by defining a policy that would require some high-profile suspensions requiring approval from either a CLO or the CEO.