Benefits of Semi Automation - Learn Security Analysis A Lot From Football

Presentation transcript:

Benefits of Semi Automation

Introduction: In football, planning every move down to the smallest details is everything. Any coach worth his or her salt has a playbook of strategies and every move, as impulsive as it may seem, has been carefully calculated with perfect “If this, then that” precision, before it ever took place. Yet, although every play has been pre-charted, effective execution relies on the adaptability of players in the moment and a keen understanding of the adjustments

Security Playbook: When it comes to the security of corporate data, it’s not all that different from football. In order to be ready for anything that comes your way, all aspects need to be planned and mapped out beforehand, automated with a predetermined course of action – in the vernacular, “IFTTT”. This security playbook is called security automation and it’s an imperative part of keeping all parts of a security operation workflow moving together in precise and accurate motion.

Automation: In the complex corporate security environment, automation is increasingly the “go-to” answer for organizations lost in a sea of alerts, logs and data. But there is a danger in putting too much faith into security automation and orchestration alone. Organizations often turn to automation looking for a technological cure-all for their security woes. While these tools are very good at what they do (at least theoretically), many security professionals are wary of handing off their most critical processes to a black box that cannot make up for the element of human intellect.

Technology Development: Machines are not people and, as such, do not waver from their predetermined playbooks, sometimes to the detriment of the goal at hand – that of keeping corporate data secure. As Gartner security analyst Anton Chuvakin points out: “There is – at this stage of security technology development, at least – GOOD AUTOMATION and EVIL AUTOMATION. Longer term, we will certainly see more automation and more domains of information security (cybersecurity, if you have to) covered by automation, BUT I’d be willing to bet anything that the profession of a security analyst will never be fully automated.”1

What To Learn From Football: In Forbes, Courtney Nash writes: “From a security standpoint, automation provides infrastructure security, and makes it auditable. But it doesn’t really increase data/information security (e.g. this file can/cannot live on that server)–those too are human tasks requiring human judgement.” Just as a football receiver often has to make a split-second call and adjust strategies, a security operation that relies on automation and orchestration alone is too rigid. To be truly useful, orchestration must become far more flexible and include people in those processes.

Within Automation: When incorporating flexibility into the automation process, a typical scenario could go something like this:

The Automated Process: The automated process and human intellect work together to create a dynamic, adaptable security infrastructure. Properly implemented, the right balance of man and machine helps validate the relevancy of alerts, allowing analysts to close or eliminate cases more quickly and ensuring that they only look at cases that actually matter while getting rid of the “noise”. Because maintaining varying degrees of flexibility depends in part on the ability to navigate effectively across the security infrastructure, teams need tight integration with other security tools: the tighter the integration of all tools from end to end, the greater the ability to move between automation and human investigation.
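The man/machine split described above, sketched as an added example that is not part of the original presentation: fixed "if this, then that" branches settle the clear cases, and anything ambiguous or touching a critical asset pauses at an analyst gate. The alert fields, the allow-list, the 0.9 threshold and the `sample_analyst` stand-in are all assumptions made for illustration.

```python
# Constructed sample alerts; every field name and value here is an assumption.
ALERTS = [
    {"id": "A-1", "rule": "malware_hash_match", "asset": "laptop-17", "confidence": 0.97, "critical": False},
    {"id": "A-2", "rule": "malware_hash_match", "asset": "db-prod-01", "confidence": 0.97, "critical": True},
    {"id": "A-3", "rule": "impossible_travel", "asset": "vpn-gw", "confidence": 0.55, "critical": False},
    {"id": "A-4", "rule": "internal_port_scan", "asset": "scanner-01", "confidence": 0.90, "critical": False},
]
KNOWN_BENIGN = {("internal_port_scan", "scanner-01")}  # assumed allow-list: the approved scanner
AUTO_THRESHOLD = 0.9                                   # assumed confidence cut-off
ANALYST_ACTIONS = {"close", "contain"}


def triage(alert):
    """Fixed 'if this, then that' branches. Returns (action, reason); 'review' means stop for a human."""
    if (alert["rule"], alert["asset"]) in KNOWN_BENIGN:
        return "close", "allow-listed benign source"
    if alert["confidence"] >= AUTO_THRESHOLD and not alert["critical"]:
        return "contain", "high confidence, non-critical asset"
    if alert["critical"]:
        return "review", "critical asset: containment needs approval"
    return "review", "low confidence: relevance unclear"


def run_playbook(alerts, analyst_decide):
    """Apply triage; call analyst_decide(alert, reason) only at the human gate. Returns an audit trail."""
    audit = []
    for alert in alerts:
        action, reason = triage(alert)
        actor = "automation"
        if action == "review":
            action = analyst_decide(alert, reason)
            if action not in ANALYST_ACTIONS:  # never execute an unrecognised answer
                raise ValueError(f"invalid analyst decision for {alert['id']}: {action!r}")
            actor = "analyst"
        audit.append({"id": alert["id"], "action": action, "actor": actor, "reason": reason})
    return audit


def sample_analyst(alert, reason):
    """Stand-in for a real approval prompt: contain reviewed critical assets, close the rest."""
    return "contain" if alert["critical"] else "close"


if __name__ == "__main__":
    for entry in run_playbook(ALERTS, sample_analyst):
        print(entry)
```

Of the four constructed alerts only two reach the analyst, and the audit trail records who made each call.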

Conclusion: Finding the perfect balance between human intellect and predetermined moves is a bit of an art form, just like in football. Flexibility within automation, with the input of those people who know their processes best, is the key to complete security.