The bird's-eye view above ground yields greater threat visibility while automating routine monitoring, anomaly detection and response.
Tasked with prioritizing cybersecurity over everything else, organizations are looking for more effective and efficient defence mechanisms that speed up response times to detected anomalies and breaches.
The use of AI and ML is invaluable in this respect, automating the collection of performance and configuration data from security devices, performing routine administrative verification tasks, and responding to events that require immediate attention.
This automation of cybersecurity offers two main benefits:
- Faster response time to threats: Security teams can see the difference in how security automation reduces human error and increases the responsiveness to any threats or breaches. Incident response can therefore be measured in minutes instead of hours (or days).
- Relieves teams from mundane duties to focus on higher-level work: Automation of cybersecurity processes helps to orchestrate all systems and tools, monitor performance and alert humans to any unforeseen events. This leaves human talent free to focus on the more critical tasks.
According to Subramaniyam Iyer, Regional Director (India & SAARC), Forescout Technologies: “As the number of connected devices escalates, and more functions become or automated, the threat landscape will continue to shift and evolve. As you cannot protect what you cannot see, cybersecurity programs must keep pace” through automation and AI.
Handling SOARing cyber complexity
To keep pace with the challenges of automating cybersecurity, the concept of Security Orchestration, Automation and Response (SOAR) is gaining traction.
SOAR encompasses three functions: threat and vulnerability management; security incident response; and security operations automation.
The beauty of SOAR lies in the fact that it does not just remain centered on data collection and analysis but also addresses the dynamic data generated by cloud and IT applications. According to D K Bajaj, CEO, D M Systems (India): “It is not just big enterprises but small- and medium-sized enterprises also are adopting security automation tools. They have come to realize that automation can save both time and money. In the absence of adequate trained staff, automating the security process just seems like the right solution.”
How high to SOAR?
Although automation can be implemented in both high-risk and low-risk security situations, solutions such as SOAR work best when used to automate only repetitive tasks. As yet, security automation technologies cannot handle advanced tasks autonomously all the time, and rely on some kind of human intervention and judgement.
Due to limitations such as algorithmic training requirements and false positives, organizations adopting security automation still need to balance the level of automation with human intelligence and oversight.
In the meantime, a sufficient level of automation can already help address the workforce and talent shortages in cybersecurity. Further degrees of automation can be moderated and introduced progressively as the algorithmic training improves, and security staff strengths have been adjusted to an optimal level to support a continually augmented cybersecurity posture.