Three Motivators to Automate: Sanity, Security, and Savings
By Barbara Kay, Senior Director, ServiceNow
Remember the 80/20 rule? It's likely that 80% of your SOC's time is spent on investigating and dispositioning phishing, malware, and vulnerability incidents. More hours are devoted to spreadsheets and email than anyone wants to admit.
That leaves just 20% for stimulating work like threat hunting and red/blue exercises.
Basic triage and investigation are likely not what your team gets excited about. But they may be your most important contribution to the business now, since Coronavirus-related phishing and malware won't go away soon. That nemesis, vulnerability management, is more essential as the services you rely on adapt with your workforce and your business, exposing attack crevices.
Automation can help you efficiently deal with the basics to keep your team sane.
Beyond that incentive, there's a strong security case for automation, too. Collaboration at machine speed, with machine intelligence, is critical for prioritizing and responding to security incidents. Standard security orchestration, automation, and response (SOAR) tech automates beyond data collection and crunching to threshold-, policy-, and ML-driven response.
In a Ponemon Institute survey, organizations that had deployed automated security solutions that reduce the need for direct human intervention (with ML/AI, analytics, and response orchestration) saw significantly lower costs after experiencing a data breach. Organizations that had not deployed security automation experienced breach costs that were 95 percent higher than those at organizations with fully deployed automation.
While the obvious focus is on automating processes within security, automating workflows that share data and actions between security and IT teams (including IT Risk) helps contain and resolve threats faster.
Here's another motivator: cost savings.
Every budget is getting squeezed to the essentials. 2021 will be more of the same. Through automated workflows, you can systematically take cost out of processes and do more with the same or less. Find savings in:
- Cutting redundant and manual tools and processes. It's common for different teams to do similar things with different tools, or via spreadsheets and manual data transfers. Look outside the SOC to IT teams responsible for administering defenses and remediating incidents to identify targets.
- Reducing in-house developed tools. Homegrown code traps your experts in maintenance and may be redundant with commercially supported offerings.
- Retiring niche tools. Many previously "boutique" functions are available now from core platform providers at a lower TCO.
- Keeping only what you use. Software and hardware asset audits can quickly help you cut license costs or improve your bargaining position at your next renewal.
For many years, security organizations have resisted automation, but it's time to give in. Automation lets everyone stay sane by spending their time on satisfying work, improves the security of your organization by reducing the chance of a successful breach or attack, and offers savings that your management will appreciate.