Get Started with Security Automation–Tips from the Pros

Getting Started with Automation

“Security is a team sport…and in a game where the rules keep changing…being able to automate, you’re not only doing strategy, but you are also able to train employees around having a stronger security mindset.” Ken Westin, Director of Security Strategy at ReliaQuest

In the recent webinar “Getting Started with Security Automation”, the first in a new series, Secure Smarter Not Harder, Ken Westin, Director of Security Strategy at ReliaQuest, and Brian Galligan, Manager of Security Operations & Engineering at Brookfield Properties, offer best practices and real-life examples of how to play the security game better through smart automation. They cover in detail how to reduce risk, how to improve efficiency, and where to invest your cybersecurity budget for optimum results.

Attendees left with actionable direction, rather than a further definition of a problem with no real solution, including:

  • Understanding the role of machine learning and automation
  • Filtering out unnecessary threat noise
  • Maximizing analyst skills and how to improve retention

Getting Started with Security Automation

So…why automation? Isn’t that what we’re doing with the tools we have in place? Sadly, statistics show that is not usually the case.

The majority of security work remains reactive, even within a well-staffed SOC, with a lot of time spent parsing through alerts that turn out not to be a major issue. What could you do with the time spent managing those alerts? Ken and Brian share some eye-opening stats (25% of analysts’ time is spent dealing with false positives) and make the case for automation.

Clearly, analyst time is a precious commodity. If that time is spent managing alerts, not only are analysts unable to focus on more strategic activities like proactive threat hunting, but retention also becomes an issue.

The typical understaffing, overworking and mundane tooling tasks understandably lead to low job satisfaction and high turnover, making staff an easy target for recruiters, with almost 60% of these roles lost to recruitment by other companies. As people with experience and tribal knowledge leave, organizations pay in both lost momentum and the high cost of replacing and onboarding a churning team.

A Force Multiplier in Action

Automation is not a replacement for these highly skilled analyst jobs, but it does help to relieve the tasks and long hours that potentially drive people to competitors. Ken and Brian share details on how and why to automate, such as the importance of adopting a systems-thinking mentality that places the human analyst at the center. This can be a major game changer.

Through Open XDR-as-a-Service, ReliaQuest has flipped the formula of people, process and technology on its head. Brian talks about the impact at his organization and how a smart strategy with next-generation cloud solutions can revolutionize security outcomes. He outlines the example of Brookfield’s progression on this path:

“Brookfield took a hard look to say where are we lacking? And one of those areas was from a cybersecurity portfolio perspective…we were not as mature as we wanted to be.” Brian goes on to describe that it was “quickly apparent we wouldn’t be able to manage even something as simple as phishing reporting emails…plus all of the alerts we were getting.”

The End Game? Secure Smarter Not Harder

Ken summarized the key benefits of security automation, and the bottom line on how companies really move the dial to win the long game, this way:

“If you are drowning, if you’re treading water, it’s really difficult to even see the shore let alone swim to it. If you’re able to get above water and start to see the shore that’s where you can start to focus on and improve your strategy.”

And Brian added, “In our SOAR tool we have ROI calculators, and when you automate it, you actually put a dollar amount to it. We do take that ROI position first to show an actual dollar amount.”

You can learn from Brian’s experience and get takeaways to apply at your company by watching the full on-demand discussion here.