At a recent Open Web Application Security Project (OWASP) meetup in San Francisco, Twitter Trust and Info Sec Officer (TISO), Michael Coates put it bluntly, "Automate or die. This is the biggest thing I stick by in this day and age."
As security teams grapple with a deluge of data, alerts and the constant threats, it's table stakes to automate critical parts of the security team's functions. Security Week reports, "It's taken three years but, in 2016, security automation and orchestration is finally front and center".
Gartner analyst Lawrence Pingree has stated that "In the past, security professionals have been fearful and skeptical of automation. This, however, is changing, because organizations are acknowledging that a human response cannot react fast enough, which is compounded by the fact that there are not enough security practitioners in end-user organizations to perform manual human responses to threats."
The international standard for security management ISO/IEC 27001 lists 114 security controls in 14 separate groups. Where do you begin? Sean Convery, vice president and general manager at the ServiceNow Security Business Unit, points out that you can't automate what you don't understand. "Establish baseline metrics for security postures you can track over time, and develop an incident response action plan that addresses an organization's unique business services and IT architecture."
Gartner states that "prioritized and managed remediation based on business context is the Holy Grail of security operations."
Improved collaboration with automation: According to Intel Security research, organizations with more than 5,000 employees conducted an average of 150 security investigations in a given year. That's three incidents each week! The authors write that when it comes to incident detection and response, time has an ominous correlation to potential damage: the longer it takes an organization to identify, investigate, and respond to a cyber-attack, the more likely it is that their actions won't be enough to preclude a costly breach of sensitive data.
Convery points out that "Security teams typically use emails, spreadsheets, phone calls and other manual processes to receive and analyze a steady stream of alerts from siloed security systems. More than 90 percent of the IT and security professionals confirmed that they rely on these manual processes, even though they realize doing so limits their incident response effectiveness and efficiency levels."
Automation can enhance knowledge and compliance: In his book "Beyond Cybersecurity" author and head of McKinsey's cybersecurity practice, James Kaplan writes, "Too many companies try to manage Incident Response (IR) in a decentralized fashion. More business value can be destroyed as a result of poor response to a breach. Effective Incident Response (IR) should help improve any organizational relationships with third parties like forensic experts and breach remediation."