Automation and orchestration: transforming how cybersecurity teams work
It’s an exciting time to be in cybersecurity, as automation and orchestration help to transform how cybersecurity teams operate on a day-to-day basis, as well as support innovation within the business.
Digitalisation has allowed organisations to become increasingly agile, flexible and scalable, and to transform at exponential speeds. Thanks to digital transformation, cybersecurity has also been understood to play a more significant role in an organisation’s success. Given the substantial financial and reputational damages a single breach or cyber-attack could leave behind, it’s simply not worth the risk to be unsecured. Organisations are now becoming secure by design; that is, security is being discussed at the board, but also built into the programmes, applications, products and services that our clients take to market, with the creation of SecDevOps.
While this is good news for the career of the cybersecurity leader and practitioner, the reality is that the demands on cybersecurity teams are growing. An expanding digital footprint, alongside an increasing list of regulatory and data privacy requirements to meet, coupled with the growth in volume and sophistication of attacks, means that it’s harder to keep a business secure. A company’s digital presence has become its largest attack vector.
Add to that a global cybersecurity skills shortage and the job does not get easier. It’s difficult to find the right talent and expertise that will provide sufficient headcount for the day-to-day, and to plan for tomorrow. As a result, security teams are feeling event fatigue, struggling to find the right balance in terms of achieving visibility and control, as well as to effectively promote an innovative and proactive security approach that supports the business’ ambitions for operational excellence and economies of scale.
That’s why there’s so much excitement about orchestration and automation in security. While certainly not new terms in the technology industry, they have tremendous potential to take some of the burden away from cybersecurity teams, helping them to focus their energy and efforts into more high-value activities, extending their effectiveness and overall job satisfaction.
Security automation helps with creating an effective and tightly integrated technology eco-system. It is the computerisation of a task that would otherwise require human intervention or the use of more than one security tool. Examples include automatically provisioning or deprovisioning new users, investigation and evidence collection, as well as event correlation and the respective decision-making processes (the security action to take if A or B occurs, as per past experience).
Security orchestration, on the other hand, is really about the automation of multiple tasks, processes and workflows across multiple cybersecurity tools and systems. The net result is a previously fragmented set of technologies, controls and products that are now integrated, for the purpose of better cyber intelligence sharing and improved threat detection and response.
Together, these take routine, time-consuming tasks away from the practitioner to make security and operational teams more productive, cost-effective, consistent and predictable. A team can move from spending hours investigating a false alarm to spending that time on a real one that needs addressing, and/or it can redirect its efforts and investment towards developing a culture of SecDevOps, training or knowledge transfer within the business to enable and drive innovation.
I’ve identified the below four domains as the key focus areas in terms of applying cybersecurity automation and orchestration:
- Threat Monitoring – maintaining visibility across the threat landscape, with the ability to detect, contextualise and prioritise key events in real-time.
- Incident Response – the ability to follow up on cyber incidents to be able to contain, investigate and remediate in a short time frame and before damages are incurred.
- Security Lifecycle Management – harnessing machines to offload all the mundane, low-level daily tasks such as patching, software management, monitoring, reporting and more.
- Operational Efficiency – using automation to drive operational efficiency, so that processes become repeatable and measurable, and continuous improvement can be demonstrated.
There may be other areas that benefit you, or, based on your operating environment, you might choose to prioritise one over the others.
If you would like to learn more about orchestration and automation in general, or would like to explore solutions that you can implement in your business, Dimension Data can help. Get in touch with our cybersecurity experts today.