Security teams are plagued by two interrelated challenges – a lack of resources and an ever-increasing set of tools that don’t speak the same language and require sophisticated skills to manage. Stories are common of analysts combing through disparate data, manually collating it to discover threats and, many times, ending up with false positives, only to restart the process all over again. This constant fire-drill mode is driving fatigue, a skyrocketing burnout rate and lower morale. For chief information security officers, the importance of recognizing and mitigating the impact of these challenges on SOC analysts cannot be overstated. Cybersecurity professionals are in high demand, so keeping them interested and engaged in their work is critically important to the organization’s cyber defenses and business initiatives. While new analysts are eager, they need clear guidance.
“Our whole goal within cybersecurity is that the engineers and analysts we hire are doing something to add value,” says Carrie Mills, Senior Manager of Cybersecurity at Southwest Airlines. “At the same time, we want to ensure they enjoy it.”
To overcome resource challenges, security leaders have been looking at automation capabilities. Process automation, popular in many business areas and in IT, has been successful in orchestrating workflows and executing repetitive tasks at scale and speed, freeing people to focus on functions that require higher cognitive skills. “It’s incredible to see the progress we’ve been able to make on vulnerability management with automation,” says Mills. “Before, we would run a scan, we’d export it into an Excel spreadsheet, run a bunch of macros and then weeks later, we’d have something that people could look at, but it wasn’t usually accurate. Now, with automation, as soon as the scan runs, an engineer can look at it in real-time and take action.” This is significant, given that most exploits target known vulnerabilities that have not been patched.
More of Your Mind, Less of Your Time
It is important to recognize that automation is not “smart” or “intelligent” in any way that resembles human intelligence. Automation is a way to execute a set of repetitive tasks: deployed under a given set of circumstances and given the appropriate inputs, it conducts specific actions and delivers outcomes at a scale and speed that humans could not otherwise achieve. Beyond executing repetitive tasks, machines excel at big data collection and analytical exercises that are core to many stages of the security lifecycle – detection, investigation, threat hunting and breach simulation. The idea here is to augment humans, not replace them, since human intelligence and cognitive skills are critical to making the right decisions. Applied strategically along the security lifecycle, automation can act as a force multiplier that empowers security teams.
A new SC Media article titled ‘The Future of Automation in Cybersecurity’ takes a closer look at the state of security lifecycle automation. It gives perspectives from practitioners on how and where automation can help augment and amplify security analysts, so they can be proactive and focus on the most important tasks. Instead of focusing primarily on tools and running ragged, analysts can focus more on business risk and drive successful security outcomes.