Automation to the rescue, right? While it’s easy to say automation can solve these issues, automation itself is a challenge.
- Automation tools come with a steep learning curve that busy professionals may not have time to invest in overcoming.
- Automation can come at a cost that seems difficult to justify to external stakeholders.
- Automation itself may pose risks or threaten a corporate culture that is adverse to shifting work away from staff.
Ultimately, with automation, CISOs and their staff don’t know where to start.
Our Advice
Critical Insight
Focus automation on eliminating the toil and enhancing everything else. Full autonomization is the goal for most security processes. For all other use cases, automation augmented by human intelligence will effectively balance any risks that automation itself may pose with the benefits of its implementation.
Impact and Result
Our approach gets you over the hump of not knowing where to start and helps you build an automation enablement program that creates momentum to keep making incremental improvements. We do this with the following method:
- Assessing the suitability of security processes for automation.
- Weighing the value against the risk of automation.
- Evaluating the feasibility against other known prerequisites.
In the end, we help CISOs build a roadmap that contains a blend of initiatives that increase their automation maturity as well as future capability.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
9.0/10
Overall Impact
$12,999
Average $ Saved
20
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Gauteng Provincial Legislature
Guided Implementation
9/10
$12,999
20
Workshop: Build an Automation Roadmap to Streamline Security Processes
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Define Goals, Processes, and Assess Maturity
The Purpose
- Align business goals to automation outcomes. Identify the current state and target state of automation within your existing security processes.
- Identify the current state and target state of automation within your existing security processes.
Key Benefits Achieved
An understanding of where automation is used in the organization today and where it should be improved, as well as how to measure the success of those efforts.
Activities
Outputs
Define your organization’s goals for automation
- Goals, metrics, and KPIs for the automation program
Discover and itemize your security use cases
Assess the maturity of your security processes
- Security Process Maturity Assessment
Identify the target state for each process
Module 2: Assess Suitability, Value, and Risk of Automation
The Purpose
- Identify where automation may have roadblocks relating to suitability, value, or risk.
Key Benefits Achieved
Gain an understanding of where automation is being blocked because of a lack of documentation or manual hand-offs. Further determine if automation would be of no value, or add too much risk in some cases.
Activities
Outputs
Assess the automation suitability of your security processes
Assess the value and risk of adding more automation to your use cases
- Suitability, Value, and Risk Assessment
Determine the initiatives to address suitability or value/risk challenges
Module 3: Assess Automation Feasibility, and Finalize Initiatives
The Purpose
- Determine if the necessary prerequisites exist to implement automation – centered around technology, training, and buy-in.
Key Benefits Achieved
Identify where automation is being halted because of prerequisite requirements, such as a SOAR platform, or knowledge of a scripting or modeling language. Identify the initiatives needed to close those gaps.
Activities
Outputs
Assess the feasibility of adding more automation to your use cases
- Feasibility Assessment
Determine the initiatives to address feasibility challenges
- Completed Automated Initiatives List
Module 4: Prioritize Initiatives and Build the Automation Roadmap
The Purpose
- With all the initiatives on the list, assess their impact and effort, and use that tension to prioritize them into execution waves.
Key Benefits Achieved
An impact analysis helps you look at the big picture and determine how to get the most throughput out of your automation initiatives.
Activities
Outputs
Align the automation initiatives to business goals
Assess the effort and cost of each initiative
Prioritize and sequence the initiatives into appropriate waves
- Prioritized Initiatives List
Finalize the Automation Roadmap
- Completed Automation Roadmap
Build an Automation Roadmap to Streamline Security Processes
You can't defend against today's automated attacks with slow and manual processes.
Analyst Perspective
An automation roadmap that only contains initiatives for processes that should be automated is just a wish list
Information security practitioners are burnt out. In a Tines study, 71% conceded this, with 62% of those attributing burnout to spending over half their time on tedious manual work. That tedious manual work, which probably has to be done to meet compliance regulations, isn't being done with the speed and accuracy needed for effective protection and defense – not when we know the attackers themselves are increasingly making use of advanced automation tools powered by AI. The engineers and operations staff knows this, and it only fuels their disengagement.
But implementing automation for security processes itself is hard. It's hard to streamline processes with automation when each of the 50 technology tools that the average enterprise uses for cyber defense doesn't integrate nicely with any other. SOAR platforms that claim to solve this problem are difficult to justify to leadership and may not demonstrate an ROI without adequate staff training.
An automation roadmap that contains initiatives for processes that should be automated is just a wish list – no one above the shop floor cares about the automation of those tasks. The automation roadmap you build using our research is multi-faceted: it includes initiatives that make automation more suitable for some processes, more valuable and less risky for others, and more feasible in some cases. In this way, not only are you automating what you can and should – but also identifying and removing the barriers that are preventing automation from happening at all. This momentum leads more quickly to gains like improved MTTD on alerts and MTTR on investigations.
But the biggest gain you get from this continuous improvement plan is increased staff engagement and retention. Keep those practitioners happy – let them take care of the rest.
Fred Chagnon
Principal Research Director, Security & Privacy
Info-Tech Research Group
Executive Summary
Security staff need automationYour information security staff can't adequately defend the organization from attacks that are growing as much in number as they are in sophistication.
Ultimately, the job keeps getting harder and staff members are burning out. | Automation brings its challengesAutomation to the rescue, right? While it's easy to say automation can solve these issues, automation itself is a challenge.
Ultimately, with automation, CISOs and their staff don't know where to start. | Info-Tech's approachOur approach gets you over the hump of not knowing where to start and helps you build an automation enablement program that creates momentum to keep making incremental improvements. We do by:
In the end, we help CISOs build a roadmap that contains a blend of initiatives that increase their automation maturity as well as future capability. |
Info-Tech Insight
Focus automation on eliminating the toil and enhancing everything else. Full autonomization is the goal for commodity security processes. In all other areas, automation augmented by staff for oversight and orchestration will effectively balance any risks that automation itself may pose with the benefits of its implementation.
With cyberattacks on the rise, security staff are struggling to get the job done
Information security practitioners face several challenges impeding them from protecting your organization effectively
Too many alerts
Seventy-five percent of organizations indicate they spend equal or more time on false positives as they do on actual attacks. Forty-six percent agreed that false positive alerts accounted for just as much downtime as actual attacks. (Source: ESG, 2021; n=500)
Too many siloed technology tools
Sixty-four percent of SOC teams are challenged with pivoting from one tool to the next. (Source: Splunk, State of Security 2023). The average enterprise has upward of 50 security tools deployed, making them eight percent lower in their ability to detect an attack, and seven percent lower in their ability to respond. (Source: IBM Security)
Too many manual processes
When asked what the most frustrating aspect of their job is, just over 50% of security analysts said they spend too much time doing manual work. (Source: Tines)
Too much grunt work
Information security professionals train and certify in the ability to do valuable work such as threat hunting and incident repose. However, in a survey, 78% say they are considering a new role because their current function contains too much mind-numbing manual work. (Source: Splunk, State of Security 2023)
Left unaddressed, these challenges will spiral into issues that impact business
"Leaders need to realize that their security staff have scarce skills, and they need to treat staff burnout due to toil like it's an employee safety problem."
Karl Galbraith
Cybersecurity Consultant, vCISO
Galbraith & Associates Inc.
Automation should be the answer, but it comes with its own set of challenges to overcome
Modern tools aren't used effectively
- Undocumented processes, or those requiring manual hand-off, stand in the way of making effective use of modern automation platforms.
- Staff training on the effective use of these tools is also commonly expressed as a barrier to using them to their fullest extent.
Costs of automation are exceedingly high
- Implementing security automation requires time and money, and it is difficult to justify the costs without an immediate return.
- High-performing teams struggle to make the case if management feels they are doing "fine" without the aid of automation.
Organizational Resistance
- Management believes the team is performing well enough without the need for augmentation or technological aid.
- Other stakeholders do not wish to adapt their processes to support the implementation of automation.
- An organizational culture that feels threatened by automation.
"Many automation tools, such as SOAR1, suffer from a catch-22 irony: you know that automation will save you huge amounts of time, but it's difficult to implement and requires skills you don't necessarily have in-house. Essentially, you can't afford the tools that will save you money." — Willy Leichter, VP of Marketing, Cyware
1. SOAR: Security Orchestration Automation and Response: Refers to the suites of tools that organizations can use to automate a variety of security processes within their environment .
The security automation imperative
Your manual security processes don't stand a chance against today's automated and increasingly AI-powered attacks.
AI-enabled attacks
An attack where AI is used to assist in the process (e.g. deepfakes and AI-assisted inference attacks).
AI-powered attacks
An attack that is crafted and launched by AI itself. Trained via machine learning and therefore much stealthier, quicker to execute at scale, and more effective than traditional malware.
- Polymorphic malware is capable of adapting its own code to avoid detection and increase its effectiveness.
- Adaptive malware whose behavior is influenced by streams of continuously updated data.
"As businesses adopt AI to defend their networks, cyber actors will adopt the same AI to attack them more effectively.
In the future, defending against global cybercrime will be a never-ending arms race where no team has a clear advantage unless it comes in the form of human expertise, creative thinking and the ability to adapt rapidly."
— Ray Steen, Chief Security Officer, MainSpring
Build an Automation Roadmap to Streamline Security Processes
Your automation roadmap will contain diverse initiatives
Implementing automation is the end goal, but your roadmap will also contain initiatives that address critical prerequisites to this goal
Our approach puts the checkpoints in the right order to ensure an actionable automation roadmap
Phase 1: Security Automation Maturity Assessment
Start by examining the current state of all your security processes, from ad-hoc to fully autonomized.
Phase 2: Suitability, Value, and Risk Assessment
Before diving into the details, assess whether the processes are even suitable for further automation and whether the value would outweigh any risks posed.
Phase 3: Feasibility Assessment
Assess the presence of show-stopping prerequisites such as technology underpinnings, training, or incurred costs.
Phase 4: Present the Roadmap
Prioritize and order the initiatives into their respective waves and present the roadmap to your stakeholders.