Automation did not enter popular lexicon until the 1940s, when Henry Ford introduced an official “automation department” at his Michigan car plant. But the concept dates back many years before that, most notably to the industrial revolution, where automation acting as a driver for improved productivity and time management planted its roots.
Not surprisingly, automation has tagged right along as industries have ascended over time, including information technology – and eventually cybersecurity. As long as there is a desire to perform routine and redundant tasks faster, automation will thrive.
The question, then, is not if businesses – and security departments – are relying on automation (of course they are) but how their use of automation is changing. And that’s where things get most interesting and telling of where their greatest efficiency and output gaps may currently lie.
The 2020 SANS Automation and Integration Survey seeks to quantify the progress that is being made because of automation and how it is helping organizations to maximize their security investments.
Among the key findings from this year’s report, automation is increasingly being used to support and amplify security operations. And for good reason: SecOps teams are notoriously overwhelmed and hampered by alert overload, security stack sprawl, and inconsistent, undocument and manual processes.
According to the report, “Nearly 74% of respondents are applying automation at medium or high levels for security operations and event or alert processing, indicating that they are making good use of existing systems. The second highest application of automation comes in preventing security exposures to the network, with 57% of respondents reporting medium or high levels of automation in this area, followed by IR processing, at 47%.”
And the report also stated that businesses expect to earmark additional funds toward incident response (a complement of SecOps) over the coming year.
The study also examined the question of whether increased automation will result in staff reduction, which is an age-old concern but one that rarely plays out.
As part of a recent joint webinar with Siemplify, McAfee CTO Michael Leland spoke how SOAR platforms can not only deliver extreme process value to one’s security operations but also free up your most precious capital – your people – to creatively problem solve and actually make businesses more secure.
The SANS report is a terrific encapsulation of the latest trends and practices in security automation. You can download your free copy here.
Dan Kaplan is director of content at Siemplify.