Security Automation Begins With A Process
- Begin with a detection and response process, and then adopt the right tool that will help you automate the process.
- You can determine an appropriate level of security automation, but success comes down to understanding your capabilities, building your playbooks, and finding automation tools that fit your process.
“Automation tools do what you tell them to do. But a tool without a procedure is technically called shelfware.”
One of the key driving forces behind security automation is the speed and automation of cyberattacks themselves. Security automation is the only way to respond quickly enough to stop a previously unknown threat or prevent a fast-moving attack from doing damage. “If you look at incident-response guidelines, they tell you to first identify that you might be under attack,” says Bruce Phillips, who has worked as a security architect and chief information security officer [CISO] in the financial services industry for many years. “Then you’ve got to triage it and determine with key stakeholders how to respond. Then you need to close it off. But in today’s environment, by the time you get to the triage stage, you’re toast.”