Breaking the cybersecurity automation logjam won’t break the bank
Written by Leon Ward, VP Product Management, ThreatQuotient
Right now, to boost efficiency and achieve economies of scale, businesses want to automate as much as possible. In back office processes, approaches like Robotic Process Automation (RPA), for example, are now increasingly standard and are expected to be a $20bn-plus market by 2030. In parallel, enterprises are looking to ChatGPT and Generative AI to help them speed up everything from creating marketing brochures to drug discovery.
Where automation is trailing behind, however, is in how organisations go about optimising cybersecurity. Given that attacks tend to occur at scale, or involve complexity beyond what even the smartest average security professional can cope with, this core area of vulnerability should be precisely where the CISO and the SOC (security operations centre) seek assistance from automation.
We took a global look at this recently, and found out that security leaders are embracing the idea of automation—identifying “increasing efficiency” as a main driver for cybersecurity automation (41% of respondents), closely followed by “increasing productivity” (36.5%).
Achieving the anticipated outcomes from automation
They’ve even got the budget to do it: 99.9% of respondents indicate their automation budget has increased year-over-year. What they are struggling with is a clear vision of how to turn that objective into a solid, business-as-usual (BAU) reality: all reported that they have experienced problems when trying to automate.
Given that there is enthusiasm and budget for cybersecurity automation, it seems that guidance is the missing ingredient. In the interests of filling that deficit, the following are practical hints and tips from experienced automation practitioners in our business that will get your automation project moving again.
For a start, be pragmatic and pick one problem that you can automate based on a clear business case. In other words, don’t try to solve all your problems in one go; take one focus area or use case and see what automating some or all of that can do.
If you run a successful PoC here with defined metrics of success and get a real ‘before’ and ‘after,’ then you have grounds for funding the next part of your cyber process—say, threat intelligence management, incident response, phishing analysis, or vulnerability management.
Start small and build
If you go charging in with a mission to “automate everything”, you risk disappointment; choosing the workflow automation that is best suited for the organisation to start with is a much safer option. Once you’ve achieved that first success, you will soon be building out—and from a solid base—more and more critical use cases. In parallel, give yourself some options by not relying wholly on vendors: make sure to build internal capability to empower you to start developing your own strategy.
In our survey, for example, we asked what the top three most desirable aspects of a new cyber automation use case were; having good training, so that people can actually get value out of the product and the technologies they’re deploying, was named by almost a quarter of people as their most-desired automation feature. So, training, education and up-skilling are important. Recognising this, we recently launched our own new online training capability, ThreatQ Academy, that enables clients to gain a faster return on investment from using our platform.
Whatever way you decide to build up your cybersecurity automation capabilities, to get the most out of it you will need a full picture of your activities. I say this because the earlier stages of cybersecurity automation featured a lot of relatively immature point solutions. That means you’ve probably got some good use cases and some less good ones, as well as a proportion of shelfware that has never really delivered on its promise. Most importantly, these solutions don’t integrate well and can’t provide the 360-degree, in-depth view of all your organisation’s activities and possible issues that you need. A robust audit of the tools, feeds and platforms in use, and consolidation to a system that integrates them all into a single pane of glass, will solve this problem and give you the visibility required.
Tools and data are important. But your people’s needs come first
We’ve talked a lot about processes, skills, tools and data, and they are all important. But none of them will properly cohere to give you what you need unless—as with any IT initiative—all this is done by aligning what you want to achieve with the organisation’s wider business goals.
Last but absolutely not least, make your people’s lives as easy and productive as possible as they try to make all this work. Automating repetitive tasks can help keep analysts engaged and focused on higher-value activities, reducing the likelihood that they will be tempted to look elsewhere for a more fulfilling role.
Investigate today’s smart tools, many of which now include low/no-code (a key hallmark of RPA, after all) and, slowly but surely, achieve targeted use of AI. Smart tools equipped with AI capabilities empower analysts to make faster and more accurate decisions—which is what everyone wants. And ‘tools’ here also includes HR tools. In fact, our data shows that employee satisfaction and retention have become the main metric for assessing cybersecurity automation ROI for more than 60% of the leaders we talked to.
This makes sense—happy people are loyal people willing to go the extra mile, and one of the most interesting aspects to come out of our 2023 research was the high value CISOs are now putting on the employee experience side of working for them—such as support for flexible working and a good working environment.
Pushing through the cybersecurity logjam
These are just a few simple but highly effective techniques for pushing through the cybersecurity automation logjam. If you still don’t feel confident, don’t be put off; implementing cybersecurity automation is a complex undertaking after all.
Finding a partner who understands the wrinkles here and is prepared to build a constructive long-term relationship for cybersecurity automation success could be the extra step you’ve been missing. If you are interested in reading the full State of Cybersecurity Automation findings, you can find them here.