As the report itself says, no company can possibly be expected to deal with these threats through a solely manual response, especially when human error can compound the threat faced by those under attack. Simply put, security automation allows an organization to adequately defend itself.
An Increase in Demand for Security Automation
Before we take a look at some areas in which this technology will evolve during 2017, we must examine what industry professionals understand the term to mean, as well as the challenges that have slowed the adoption of the available technology. In an article that focussed on threat detection, Network World quoted Jon Oltsik, senior principal analyst at Enterprise Strategy Group, who said, “It takes time and skills to tune these products effectively in order to take advantage of their automation capabilities…There is the historical belief that security decisions must be guided by some type of human intervention.”
An AlgoSec report, focussing primarily on security controls, stated that 83% of respondents in their most recent survey stressed the need for increased automation in the next three years. A further report by Gartner quoted its own analyst, Lawrence Pingree, as saying, “In the past, security professionals have been fearful and skeptical of automation. This, however, is changing because organizations are acknowledging that a human response cannot react fast enough, which is compounded by the fact that there are not enough security practitioners in end-user organizations to perform manual human responses to threats.”
Evolution
Although the technology does indeed currently exist, there are a number of areas in which significant changes lie ahead in the next 12 months:
Incident Response
For most companies still working with human security experts, security threats are too often not cataloged correctly throughout the process. A threat may well have been identified, yet the analysts may have failed to coordinate the action required to ensure that the threat is neutralized and that, when necessary, further steps are taken under internal guidelines and, when the law requires such a step, external guidelines.
Security automation allows an incident to be tracked throughout the entire process, ensuring that all contacts are informed of the attack. If and when the human security analyst does not take further steps, the system automatically generates reminders, and from those, analysts need to decide where incident response measures are necessary. In this way, the system ensures that the company adheres to its own internal policy in dealing with any security threat.
Prioritization
This aspect of automation links to other emerging technological advances. Historically, prioritizing alerts and threats was a human responsibility: a security analyst would have to manually enter into the system the specific access points that were seen as significant threats.
Nowadays, through the shared use of big data analysis and learned behavior, security analysts are freed up to deal with other aspects of the system. By collating data from a number of different sources, including past attacks and user behavior, a system can analyze where threats are more likely to come from. Because the machines at the center of the operation are able to learn from past experience, the need to continually input data into the system is removed.
Policy Compliance
For a number of organizations dealing with an increasing list of security regulations, both internal and external, adhering to them manually has become nearly impossible. Enter security automation, which allows an organization to automate the management of these policies. For those in the security or healthcare sector, where security breaches are particularly damaging, the automation of the various necessary steps is a welcome relief.
Even with these potentially game-changing technological advantages, companies should still be aware that security automation and orchestration go hand-in-hand. As we said, “In security parlance, orchestration is a method of connecting security tools, integrating disparate security data, and providing security teams the broad functionality to respond to all types of threats. When executed properly, it is the connective tissue that streamlines security processes and powers effective security response.”