Ted Julian, VP Product Management & Cofounder, IBM Resilient

“A key consideration when optimizing a security stack is making sure new technologies work with each other and with your existing tools.”

  • Security Orchestration and Automation platforms are emerging that bring together the different applications in a security stack so that monitoring, analysis, and response become faster and more efficient.
  • Building automation into your security practice is not just about buying new technology. It also involves getting the most out of existing technologies through better integration and clearly understanding your processes.

“Orchestration and automation are critical because right now too many alerts are being left on the floor.”

Many factors in IT security make greater process automation a necessity. Key among them are the volume of activity data, alerts, and event data that must be analyzed and a shortage of security people available to do the work that needs to be done.

To address these issues, security orchestration and automation platforms are emerging that bring together the different applications in a security stack so that monitoring, analysis, and response become faster and more efficient. This can only be done if there is interoperation between the applications in your security stack. A key consideration when optimizing a security stack is making sure new technologies work with each other and with your existing tools. Upgrading capabilities in a way that fails to align with an existing or planned orchestration and automation effort results in siloed functionalities.

There has always been a need for security tools to interoperate at some level. What’s new is the emergence of security orchestration platforms that allow you to use open application programming interfaces (APIs) to stitch together solutions so you can perform tasks faster and do things that you couldn’t do before. For example, rather than have an analyst with 10 tabs open in her browser doing the grunt work of correlating data and processing alerts, a technology stack can automate these functions. Security personnel are too valuable to be burned out performing those mundane tasks. It is far better for them to receive fully analyzed and correlated alert reports that allow them to do what they can uniquely do—make informed determinations quickly—and then take appropriate action.
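The "stitch together over APIs, then hand the analyst a correlated report" pattern above can be made concrete with a small orchestration pipeline. The following Python is an added example written for this excerpt; it is not code from IBM Resilient or from the eBook. The two input lists stand in for the JSON an EDR and a SIEM might return over their APIs, but the field names (hostname, ioc, score, src, rule, priority) and every value in them are constructed for the demonstration and do not match any real product's schema. The pipeline normalizes both feeds into one record type, drops duplicate alerts, groups what remains per host, and escalates hosts where two independent tools agree, which is the correlation work the analyst would otherwise do by hand across browser tabs.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample API output from two hypothetical tools. The schemas are
# invented for this example; a real integration would map each vendor's fields.
EDR_ALERTS = [
    {"hostname": "WS-17", "ioc": "hash:0123abcd", "score": 80, "msg": "suspicious binary executed"},
    {"hostname": "ws-17", "ioc": "hash:0123abcd", "score": 80, "msg": "suspicious binary executed"},  # duplicate
    {"hostname": "srv-02", "ioc": "none", "score": 20, "msg": "new scheduled task created"},
]
SIEM_EVENTS = [
    {"src": "ws-17", "rule": "brute-force", "priority": "high", "text": "37 failed logins in 5 minutes"},
    {"src": "ws-17", "rule": "dns-beacon", "priority": "medium", "text": "periodic queries to rarely seen domain"},
    {"src": "db-01", "rule": "port-scan", "priority": "low", "text": "internal port scan observed"},
]

# Common severity scale every source is mapped onto (1 = low .. 4 = critical).
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Alert:
    """One normalized finding; frozen so identical alerts hash equal for dedup."""
    source: str
    host: str
    indicator: str
    severity: int
    detail: str


def normalize_edr(raw):
    """Map the (hypothetical) EDR 0-100 score onto the shared 1-4 scale."""
    s = raw["score"]
    sev = 4 if s >= 90 else 3 if s >= 70 else 2 if s >= 40 else 1
    return Alert("edr", raw["hostname"].lower(), raw["ioc"], sev, raw["msg"])


def normalize_siem(raw):
    """Map the (hypothetical) SIEM priority label onto the shared scale."""
    return Alert("siem", raw["src"].lower(), raw["rule"], SEVERITY[raw["priority"]], raw["text"])


def collect():
    """Pull from both feeds, normalize, and drop exact duplicates (order preserved)."""
    alerts = [normalize_edr(a) for a in EDR_ALERTS] + [normalize_siem(e) for e in SIEM_EVENTS]
    return list(dict.fromkeys(alerts))


def correlate(alerts):
    """Group alerts by host so findings from different tools land together."""
    groups = defaultdict(list)
    for a in alerts:
        groups[a.host].append(a)
    return groups


def priority(group):
    """Highest severity, +2 when independent tools agree, +1 per extra finding (capped at 2)."""
    sources = {a.source for a in group}
    base = max(a.severity for a in group)
    return base + (2 if len(sources) > 1 else 0) + min(len(group) - 1, 2)


def build_report(alerts=None):
    """Produce the consolidated, ranked per-host report an analyst would receive."""
    alerts = collect() if alerts is None else alerts
    report = []
    for host, group in correlate(alerts).items():
        report.append({
            "host": host,
            "priority": priority(group),
            "sources": sorted({a.source for a in group}),
            "findings": [f"[{a.source}] {a.detail}" for a in group],
        })
    report.sort(key=lambda r: (-r["priority"], r["host"]))
    return report


if __name__ == "__main__":
    for entry in build_report():
        print(f"{entry['host']:8} priority={entry['priority']} sources={','.join(entry['sources'])}")
        for line in entry["findings"]:
            print("   ", line)
```

With the constructed data, ws-17 rises to the top because the EDR execution alert and the SIEM brute-force and beaconing rules all point at the same host; srv-02 and db-01 each carry a single low-severity finding and stay at the bottom of the queue. The escalation rule in `priority` is deliberately simple; the point is that the cross-tool agreement check runs in the pipeline rather than in the analyst's head.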

This is an excerpt from 7 Experts on Optimizing Your Security Stack. This series was generously sponsored by Carbon Black.