Cyber security process automation.
How automation helps future-proof against the challenges of tomorrow, today.
Security process automation has evolved as a hot topic for organisations and IT and security teams. It offers a way to drive efficiencies within security operations and help to free up analysts’ time that would otherwise be spent conducting mundane and repetitive tasks and to allocate it to higher value technical activities. In our latest eBook, we draw out some of the core use cases that automation can help to solve, from staff shortages to the need for a centralised view of data across the entire digital ecosystem. In the age of wormable ransomware, the difference between a fundamental and catastrophic breakdown of business operations is minute; here we explore some of the key considerations that security buyers may want to have front and centre of mind, based on the conversations Senseon has had with security leaders in the information security community.
The future of security operations
I firmly believe that the future of security operations is intertwined with automation. A shortage of cyber security skills combined with the evolving threat landscape is driving the need for highly sophisticated tools that can deliver a level of automation equivalent to a virtual workforce of SOC analysts. Security risks will never truly be eradicated, but they will be significantly reduced if organisations have the capacity to automatically analyse data from their entire digital ecosystem with (crucially) the context required to make this intelligence meaningful and actionable.
Security process automation has evolved from automated incident response. Whilst the latter helped with security issues, a far more proactive approach was ultimately needed. From there came security process automation, which offers a systematic, machine-based approach. This in turn has grown into security automation and orchestration which enables connectivity between disparate security tools and workflows.
The fundamental problems to be solved
We’ve had a lot of interest from the security community recently about how we’re taking big leaps forward in driving efficiencies within their security operations and through our use case workshops we have been exploring the fundamental problems that we can work together to solve. We’ve found that these boil down to some core use cases and you can read about these in more detail in our free eBook here.
Thanks in part to the exponential increase in the volume, velocity and professionalism of cyber attacks, security automation has evolved into a key focus for organisations and IT security teams. Before automation came along, analysts were required to comb through, investigate and act on every alert. This model, of course, very quickly became untenable. As organisations place an increasing emphasis on their digital transformation activities, the result is an increase in the technical complexity of their enterprise and an increase in the overall attack surface. As the volume of data that organisations are expected to process increases, the number of alerts produced by their security stack very quickly becomes insurmountable, and the cyber security skills gap (not a lack of skills, but of the professionals who hold them) begins to widen.
And of course, that’s never going to end. Organisations operating in a free market economy will, by their very nature, always be looking for ways to get ahead and it’s often the case that security teams are left to play catch-up and think about how we then secure these new technologies.
The home is the new enterprise
The advent of COVID-19, which has changed the way we work, probably forever, is only going to increase this further, and what I think we’ll see is a quicker drive by businesses to adopt multi-public cloud infrastructures. Through our engagement with the wider information security community, what’s becoming apparent is that a lot of security leaders are thinking: the vast majority of other businesses are likely transitioning a lot of their services to public cloud providers, so is there a risk to the availability and integrity of my services if I rely on just one provider? So the logical choice will probably be a move towards multi-public cloud to avoid a loss of services through unforeseen pressure on public cloud providers.
Security as a business enabler
I think all security teams really aspire to make security an enabler to the business. If that’s what the business is asking for to streamline processes and drive business efficiency, they’re not going to listen if we say ‘no.’ One thing I learnt in the military is that in the presence of so many factors outside of your control, you really must optimise for what you can control in the first place. So where we can’t control what the business asks of the security function, we need to optimise the factors that we can control for efficiency every step of the way.
Automation, when optimised and done correctly, offers an avenue for us to approach problems today and develop a solution that will be future-proof against the challenges of tomorrow.
What considerations do information security professionals have front and centre of mind when it comes to automation?
This insightful eBook:
offers practical and relevant advice to those exploring automation technologies
details how security automation can be optimised for maximum efficiency from inception
provides meaningful guidance on how you can achieve a significant workload reduction for security teams.
About the author
David Atkinson, Founder and CEO, Senseon
Before moving into the cyber security industry, David spent over 15 years working within the UK’s specialist military units, where he was the first cyber operative. His combined experience and technical abilities, gained from his background in the military, government and the private sector, have led him to challenge the current approaches to cyber security and to create Senseon.