Cyber security automation is a currently trending topic in IT. As in other areas, automating cyber security work should allow us to concentrate on more productive problem-solving activities. However, automation may increase the complexity of an organisation’s information systems, and, as hackers look for more and newer targets, cyber security programmes must be ready to implement automated cyber security solutions.
What is cyber security automation?
When discussing new automation practices, industry experts usually mean tools like security automation and orchestration (SOAR) products, robotic process automation (RPA) and custom-developed software and code that automate processes and perform analysis.
SOAR products are purpose-built tools that orchestrate activities between other security tools and perform specific automation activities in response to identified threats. RPA tools are a broader set of automation tools that allow a wide variety of processes to be automated. RPA tools have seen a significant increase in adoption in the HR and finance fields but can also be leveraged by cyber security teams.
Why cyber security automation?
Hand in hand with the widespread drive to digital transformation goes increasing technical complexity. This affects the nature of the work organisations do, their competitiveness, how they interact with customers and their overall level of efficiency. Increasing organisational complexity can lead to significant risk if cyber security cannot sufficiently manage the changing environment by properly defending, monitoring and responding to threats.
As companies press forward with a variety of digital transformation activities, it is important to realise that those activities increase the overall attack surface from a corporate espionage perspective.
Many organisations inspect systems and data manually for evidence of unexpected behaviour and indicators of compromise or defect.
This is a losing proposition in a modern organisation: human error and the sheer mass of data to manage make it inevitable that a potential threat will slip through the cracks. Cyber security automation can address this, and it can also help cyber security teams that are lean or ill-proportioned relative to the growing digital footprint of the organisation. Implementing automation could be vital in order to reliably protect organisations and ensure resilience through robust and repeatable processes.
The benefits of automation
Given its advantages, efficiency and cost benefits, automation is already being adopted by large and small companies alike. Once the appropriate activities are automated, cyber security practitioners can focus on such projects as:
• Engineering and architecture
• Remediation activities
• Automation development and engineering
Is it for you?
Three basic approaches to implementing automation successfully are:
1. Embedding development capabilities in your cyber security team. In this way, developers report directly to cyber leadership.
2. Partnering cyber security with organisational development teams. This allows cyber security to leverage the capabilities of organisational development experts.
3. Adopting a hybrid approach. Utilise an internal team for tactical development work and organisational development capabilities for complex integration tasks.
For more information, follow the link to the original Forbes article.