Breaking the cybersecurity automation logjam won’t break the bank
Right now, to boost efficiency and achieve economies of scale, businesses want to automate as much as possible. In back office processes, approaches like Robotic Process Automation (RPA), for example, are now increasingly standard and are expected to be a $20bn-plus market by 2030. In parallel, enterprises are looking to ChatGPT and Generative AI to help them speed up everything from creating marketing brochures to drug discovery.
However, where automation is trailing behind is in how organizations go about optimizing cybersecurity. Given that attacks tend to occur at scale, or involve complexity beyond even the smartest average security professional to cope with, this core area of vulnerability should be precisely where the CISO and the SOC (security operations center) seek assistance from automation.
We took a global look at this recently, and found out that security leaders are embracing the idea of automation -- identifying "increasing efficiency" as a main driver for cybersecurity automation (41 percent of respondents), closely followed by "increasing productivity" (36.5 percent).
Achieving the anticipated outcomes from automation
They’ve even got the budget to do it. 99.9 percent of respondents indicate their automation budget has increased year-over-year. What they are struggling with is a clear vision of how to make that objective into a solid, BAU reality, because all reported that they have experienced problems when trying to automate.
Given that there is enthusiasm and budget for cybersecurity automation, it seems that guidance is the missing ingredient. In the interests of filling that deficit, the following are practical hints and tips from experienced automation practitioners in our business that will get your automation project moving again.
For a start, be pragmatic and pick one problem that you can automate based on a clear business case. In other words, don’t try and solve all your problems in one go; take one focus area or use case and see what automating some or all of that can do.
If you run a successful PoC here with defined metrics of success and get a real 'before' and 'after,' then you have grounds for funding the next part of your cyber process -- say, threat intelligence management, incident response, phishing analysis, or vulnerability management.
Start small and build
If you go charging in with a mission to "automate everything" you could risk disappointment, when choosing the workflow automation that is best suited for the organization to start with is a much safer option. Once you’ve achieved that first success, you will soon be building out -- and from a solid base -- more and more critical use cases. In parallel, give yourself some options by not relying wholly on vendors, make sure to build internal capability to empower you to start developing your own strategy.
In our survey, for example, we asked what the top three most desirable aspects of a new cyber automation use case was; having good training so people can actually get value out of the product and the technologies they're deploying came in at almost a quarter of people’s most-desired automation feature. So, training, education and up-skilling are important.
Whatever way you decide to build up your cybersecurity automation capabilities, to get the most out of it you will need a full picture of your activities. I say this because the earlier stages of cybersecurity automation featured a lot of relatively immature point solutions. That means you’ve probably got some good use cases and some less good, as well as a proportion of shelfware that has never really delivered on its promise. Most importantly, these solutions don’t integrate well and can’t provide the 360-degree, in-depth view of all your organization’s activities and possible issues that you need. A robust audit of the tools, feeds and platforms in use and consolidation to a system that integrates them all into a single pane-of-glass will solve this problem and give you the visibility required.
Tools and data are important -- but your people’s needs come first
We’ve talked a lot about processes, skills, tools and data, and they are all important. But none of them will properly cohere to give you what you need unless -- as with any IT initiative -- all this is done by aligning what you want to achieve with the organization’s wider business goals.
Last but absolutely not least; make your people’s lives as easy and productive as possible as they try and make all this work. Automating repetitive tasks can help keep analysts engaged and focused on higher-value activities, reducing the likelihood that they will be tempted to look elsewhere for a more fulfilling role.
Investigate today’s smart tools, many of which now include low/no-code (a key hallmark of RPA, after all) and, slowly but surely, achieve targeted use of AI. Smart tools equipped with AI capabilities empower analysts to make faster and more accurate decisions -- which is what everyone wants. And ‘tools’ here also includes HR tools. In fact, our data shows that employee satisfaction and retention has become the main metric for assessing cybersecurity automation ROI for more than 60 percent of the leaders we talked to.
This makes sense -- happy people are loyal people willing to go the extra mile, and one of the most interesting aspects to come out of our 2023 research was the high value CISOs are now putting on the employee experience side of working for them -- such as support for flexible working and a good working environment.
Pushing through the cybersecurity logjam
These are just a few simple but highly effective techniques for pushing through the cybersecurity automation logjam. If you still don’t feel confident, don’t be put off; implementing cybersecurity automation is a complex undertaking after all.
Image credit: Lisa F. Young/Shutterstock
Leon Ward is VP Product Management, ThreatQuotient, If you are interested in reading the full State of Cybersecurity Automation findings you can find them here.