Automation: The natural next step in security operations management

Here’s a question for security analysts and managers: How often are you able to clear your email inbox, remove all the alerts from all of your monitoring tools, update processes and still have time to respond to a few of those outstanding audit findings?

Most security professionals are too bogged down to get through all of these tasks on any given day, let alone find time to complete proactive projects like improving security awareness training, maturing a vulnerability management program or running incident response exercises. There is simply too much to do and not enough time to do it.

The turning point for IT security operations

So how did we get here? The late 1980s were a major turning point for IT security operations, when Syslog allowed centralization and standardization of log files for the first time. Starting in the mid-1990s and into the early 2000s, automation became a significant factor in IT security as industry players created platforms that automatically centralized and standardized logs. Over the past several years we’ve seen the rise of incident identification and management tools in the form of SIEM and other threat detection solutions that automate log review, correlation and alert processes.

But the evolution of advanced threat detection is both a blessing and a curse: these solutions uncover more potential threats, but those alerts also create larger workloads for IT security teams. In fact, a recent study by Damballa, a security firm specializing in threat detection, found that an average North American enterprise encounters 10,000 alerts per day, a number that makes resolving every threat manually an unsustainable proposition.

The continued evolution of threat response

Just as automation helped with centralization, standardization and detection, it also will play a key role in the evolution of threat resolution. Specifically, adopting a security operations management platform that uses an organization’s standardized processes to automatically resolve high-volume, low-complexity tasks—essentially administrative work—without the need for human intervention frees up security personnel’s time (about 30 percent of it) to tackle more complex threats. This more efficient use of resources, achieved through automation, will allow IT security teams to deal with an even higher volume of threats in the future.

On top of increasing your odds of resolving the most complicated, high-risk threats, automated incident response can have the added bonus of making IT security work more enjoyable. Because the fact of the matter is that I didn’t get into security to complete endless administrative tasks—and I’m willing to bet you didn’t either.

*** This is a Security Bloggers Network syndicated blog from Swimlane (en-US) authored by Cody Cornell. Read the original post at: https://swimlane.com/blog/automating-security-operations-management/

Cody Cornell

Cody is responsible for the strategic direction of Swimlane and the development of our security orchestration, automation, and response (SOAR) platform. At Swimlane we advocate for the open exchange of security information and deep technology integration that maximizes the value customers receive from their investments in security operations technology and people. Collaborating with industry-leading technology vendors, we work to identify opportunities to streamline and automate security activities, saving customers operational costs and reducing risk.