
Build an Automation Roadmap to Streamline Security Processes

You can’t defend against today’s automated attacks with slow and manual processes.

Automation to the rescue, right? While it’s easy to say automation can solve these issues, automation itself is a challenge.

  • Automation tools come with a steep learning curve that busy professionals may not have time to invest in overcoming.
  • Automation can come at a cost that seems difficult to justify to external stakeholders.
  • Automation itself may pose risks or threaten a corporate culture that is averse to shifting work away from staff.

Ultimately, with automation, CISOs and their staff don’t know where to start.

Our Advice

Critical Insight

Focus automation on eliminating the toil and enhancing everything else. Full autonomization is the goal for most security processes. For all other use cases, automation augmented by human intelligence will effectively balance any risks that automation itself may pose with the benefits of its implementation.

Impact and Result

Our approach gets you over the hump of not knowing where to start and helps you build an automation enablement program that creates momentum to keep making incremental improvements. We do this with the following method:

  • Assessing the suitability of security processes for automation.
  • Weighing the value against the risk of automation.
  • Evaluating the feasibility against other known prerequisites.

In the end, we help CISOs build a roadmap that contains a blend of initiatives that increase their automation maturity as well as future capability.


Build an Automation Roadmap to Streamline Security Processes Research & Tools

1. Build an Automation Roadmap to Streamline Security Processes Deck – A step-by-step document that walks you through the methodology we’ve devised for building your automation roadmap.

From assessing the maturity of all your security processes, to determining their suitability, value, risk, and feasibility for further automation, our process ensures that you maintain forward momentum on your desire to get the most out of your people, process, and technology.

2. Security Automation Workbook – A workbook to carry out the exercises set forth in our methodology.

This workbook includes the security process maturity assessments, as well as the suitability, value/risk and feasibility assessments.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

Overall Impact: 9.0/10
Average $ Saved: $12,999
Average Days Saved: 20

Client | Experience | Impact | $ Saved | Days Saved
Gauteng Provincial Legislature | Guided Implementation | 9/10 | $12,999 | 20

Workshop: Build an Automation Roadmap to Streamline Security Processes

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Define Goals, Processes, and Assess Maturity

The Purpose

  • Align business goals to automation outcomes.
  • Identify the current state and target state of automation within your existing security processes.

Key Benefits Achieved

An understanding of where automation is used in the organization today and where it should be improved, as well as how to measure the success of those efforts.

Activities and Outputs

1.1 Define your organization’s goals for automation
  • Output: Goals, metrics, and KPIs for the automation program
1.2 Discover and itemize your security use cases
1.3 Assess the maturity of your security processes
  • Output: Security Process Maturity Assessment
1.4 Identify the target state for each process

Module 2: Assess Suitability, Value, and Risk of Automation

The Purpose

  • Identify where automation may have roadblocks relating to suitability, value, or risk.

Key Benefits Achieved

Gain an understanding of where automation is being blocked because of a lack of documentation or manual hand-offs. Further determine if automation would be of no value, or add too much risk in some cases.

Activities and Outputs

2.1 Assess the automation suitability of your security processes
2.2 Assess the value and risk of adding more automation to your use cases
  • Output: Suitability, Value, and Risk Assessment
2.3 Determine the initiatives to address suitability or value/risk challenges

Module 3: Assess Automation Feasibility and Finalize Initiatives

The Purpose

  • Determine if the necessary prerequisites exist to implement automation – centered around technology, training, and buy-in.

Key Benefits Achieved

Identify where automation is being halted because of prerequisite requirements, such as a SOAR platform, or knowledge of a scripting or modeling language. Identify the initiatives needed to close those gaps.

Activities and Outputs

3.1 Assess the feasibility of adding more automation to your use cases
  • Output: Feasibility Assessment
3.2 Determine the initiatives to address feasibility challenges
  • Output: Completed Automation Initiatives List

Module 4: Prioritize Initiatives and Build the Automation Roadmap

The Purpose

  • With all the initiatives on the list, assess their impact and effort, and use that tension to prioritize them into execution waves.

Key Benefits Achieved

An impact analysis helps you look at the big picture and determine how to get the most throughput out of your automation initiatives.

Activities and Outputs

4.1 Align the automation initiatives to business goals
4.2 Assess the effort and cost of each initiative
4.3 Prioritize and sequence the initiatives into appropriate waves
  • Output: Prioritized Initiatives List
4.4 Finalize the Automation Roadmap
  • Output: Completed Automation Roadmap

Build an Automation Roadmap to Streamline Security Processes

Analyst Perspective

An automation roadmap that only contains initiatives for processes that should be automated is just a wish list

Information security practitioners are burnt out. In a Tines study, 71% conceded this, with 62% of those attributing burnout to spending over half their time on tedious manual work. That tedious manual work, which probably has to be done to meet compliance regulations, isn't being done with the speed and accuracy needed for effective protection and defense – not when we know the attackers themselves are increasingly making use of advanced automation tools powered by AI. The engineers and operations staff know this, and it only fuels their disengagement.

But implementing automation for security processes itself is hard. It's hard to streamline processes with automation when each of the 50 technology tools that the average enterprise uses for cyber defense doesn't integrate nicely with any other. SOAR platforms that claim to solve this problem are difficult to justify to leadership and may not demonstrate an ROI without adequate staff training.

An automation roadmap that only contains initiatives for processes that should be automated is just a wish list – no one above the shop floor cares about the automation of those tasks. The automation roadmap you build using our research is multi-faceted: it includes initiatives that make automation more suitable for some processes, more valuable and less risky for others, and more feasible in some cases. In this way, you are not only automating what you can and should, but also identifying and removing the barriers that are preventing automation from happening at all. This momentum leads more quickly to gains like improved MTTD on alerts and MTTR on investigations.

But the biggest gain you get from this continuous improvement plan is increased staff engagement and retention. Keep those practitioners happy – let them take care of the rest.

Fred Chagnon
Principal Research Director, Security & Privacy
Info-Tech Research Group

Executive Summary

Security staff need automation

Your information security staff can't adequately defend the organization from attacks that are growing as much in number as they are in sophistication.

  • They're drowning in alerts, most of which are false positives.
  • They're equipped with so many tools, many of which do not work together.
  • The processes to detect and respond to threats are manual and therefore slow.

Ultimately, the job keeps getting harder and staff members are burning out.

Automation brings its challenges

Automation to the rescue, right? While it's easy to say automation can solve these issues, automation itself is a challenge.

  • Automation tools come with a steep learning curve that busy professionals may not have time to invest in understanding.
  • Automation can come at a cost that seems difficult to justify to external stakeholders.
  • Automation itself may pose risks or threaten a corporate culture that is averse to shifting work away from staff.

Ultimately, with automation, CISOs and their staff don't know where to start.

Info-Tech's approach

Our approach gets you over the hump of not knowing where to start and helps you build an automation enablement program that creates momentum to keep making incremental improvements. We do this by:

  • Assessing the suitability of security processes for automation.
  • Weighing the value against the risk of automation.
  • Evaluating the feasibility against other known prerequisites.

In the end, we help CISOs build a roadmap that contains a blend of initiatives that increase their automation maturity as well as future capability.

Info-Tech Insight

Focus automation on eliminating the toil and enhancing everything else. Full autonomization is the goal for commodity security processes. In all other areas, automation augmented by staff for oversight and orchestration will effectively balance any risks that automation itself may pose with the benefits of its implementation.

With cyberattacks on the rise, security staff are struggling to get the job done

Information security practitioners face several challenges impeding them from protecting your organization effectively

Too many alerts

Seventy-five percent of organizations indicate they spend equal or more time on false positives as they do on actual attacks. Forty-six percent agreed that false positive alerts accounted for just as much downtime as actual attacks. (Source: ESG, 2021; n=500)

Too many siloed technology tools

Sixty-four percent of SOC teams are challenged with pivoting from one tool to the next. (Source: Splunk, State of Security 2023). The average enterprise has upward of 50 security tools deployed, making them eight percent lower in their ability to detect an attack, and seven percent lower in their ability to respond. (Source: IBM Security)

Too many manual processes

When asked what the most frustrating aspect of their job is, just over 50% of security analysts said they spend too much time doing manual work. (Source: Tines)

Too much grunt work

Information security professionals train and certify in the ability to do valuable work such as threat hunting and incident response. However, in a survey, 78% say they are considering a new role because their current function contains too much mind-numbing manual work. (Source: Splunk, State of Security 2023)

Left unaddressed, these challenges will spiral into issues that impact business

Diagram: four main issues – ineffective breach detection, prolonged incident response times, security staff burnout, and non-compliance.

"Leaders need to realize that their security staff have scarce skills, and they need to treat staff burnout due to toil like it's an employee safety problem."

Karl Galbraith
Cybersecurity Consultant, vCISO
Galbraith & Associates Inc.

Automation should be the answer, but it comes with its own set of challenges to overcome

Modern tools aren't used effectively

  • Undocumented processes, or those requiring manual hand-off, stand in the way of making effective use of modern automation platforms.
  • Staff training on the effective use of these tools is also commonly expressed as a barrier to using them to their fullest extent.

Costs of automation are exceedingly high

  • Implementing security automation requires time and money, and it is difficult to justify the costs without an immediate return.
  • High-performing teams struggle to make the case if management feels they are doing "fine" without the aid of automation.

Organizational Resistance

  • Management believes the team is performing well enough without the need for augmentation or technological aid.
  • Other stakeholders do not wish to adapt their processes to support the implementation of automation.
  • An organizational culture that feels threatened by automation.

Diagram: What is holding back automation in your organization?

"Many automation tools, such as SOAR (1), suffer from a catch-22 irony: you know that automation will save you huge amounts of time, but it's difficult to implement and requires skills you don't necessarily have in-house. Essentially, you can't afford the tools that will save you money."

Willy Leichter
VP of Marketing, Cyware

1. SOAR (Security Orchestration, Automation, and Response) refers to the suites of tools that organizations can use to automate a variety of security processes within their environment.

The security automation imperative

Your manual security processes don't stand a chance against today's automated and increasingly AI-powered attacks.

AI-enabled attacks

An attack where AI is used to assist in the process (e.g. deepfakes and AI-assisted inference attacks).

AI-powered attacks

An attack that is crafted and launched by AI itself. Trained via machine learning, it is much stealthier, quicker to execute at scale, and more effective than traditional malware.

  • Polymorphic malware, which adapts its own code to avoid detection and increase its effectiveness.
  • Adaptive malware, whose behavior is influenced by streams of continuously updated data.

"As businesses adopt AI to defend their networks, cyber actors will adopt the same AI to attack them more effectively.

In the future, defending against global cybercrime will be a never-ending arms race where no team has a clear advantage unless it comes in the form of human expertise, creative thinking and the ability to adapt rapidly."

— Ray Steen, Chief Security Officer, MainSpring

Your automation roadmap will contain diverse initiatives

Implementing automation is the end goal, but your roadmap will also contain initiatives that address critical prerequisites to this goal

Diagram: initiative types – visibility, suitability, value & risk, feasibility, and automate.

Our approach puts the checkpoints in the right order to ensure an actionable automation roadmap

Phase 1: Security Automation Maturity Assessment
Start by examining the current state of all your security processes, from ad-hoc to fully autonomized.

Phase 2: Suitability, Value, and Risk Assessment
Before diving into the details, assess whether the processes are even suitable for further automation and whether the value would outweigh any risks posed.

Phase 3: Feasibility Assessment
Assess the presence of show-stopping prerequisites such as technology underpinnings, training, or incurred costs.

Phase 4: Present the Roadmap
Prioritize and order the initiatives into their respective waves and present the roadmap to your stakeholders.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help? Speak With an Analyst

Get the help you need in this 4-phase advisory process. You'll receive 7 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Security Automation Maturity Assessment
  • Call 1: Determine the goals, key metrics, and KPIs.
  • Call 2: Discover security processes and assess their maturity.

Guided Implementation 2: Assess Automation Maturity in Your Security Processes
  • Call 1: Determine automation suitability for each process.
  • Call 2: Determine automation value and risk for each process.

Guided Implementation 3: Assess the Feasibility of Automation
  • Call 1: Determine automation feasibility for each process.

Guided Implementation 4: Build the Automation Roadmap
  • Call 1: Prioritize the initiatives based on impact vs. effort.
  • Call 2: Build the automation roadmap.

Author

Fred Chagnon

Contributors

  • Matt Edwards, President & Software Developer, Cocoon CS
  • Ken Muir, Author, Global Advisory Board, LCM Security
  • Karl Galbraith, Cybersecurity Consultant, vCISO, Galbraith & Associates Inc.
  • 3 anonymous CISO / vCISOs