Automate Security

While security professionals continue to grow in skill and acumen, the volume and acceleration of attacks, coupled with the evolving threatscape of our digital economy, far outpace any improvements to security, widening our gap in protection. For example, in 2007, security operations centers (SOCs) saw fewer than 1,000 alerts on an average day. By 2017, SOCs were seeing more than 1,000,000 alerts a day—a 1,000% increase.^[1] Solving this problem and closing the gap will not be easy. Simply adding more people to the SOC is not a scalable solution, and doing more of the same will not solve this issue. We need a new approach.

Every day we detect and block attacks, but it takes too much time to do that and tackle other security lifecycle tasks. The solution is to shrink the time required to complete those tasks, and the best option for that is automation. However, the complexity of today’s security infrastructure ensures that no single method will solve all these problems.

Automation is the starting place, but there are different levels of automation to consider. Some simple, repetitive tasks can be automated through simple integration. However, many of the protection gaps come from slow handoffs between IT or security teams with different tools and goals. For example, the NOC focuses primarily on improving operational efficiency, whereas the SOC focuses on detection efficacy. In a perfect world, they work together, but it is easy for the NOC to disable security in the name of performance or uptime, and it is equally as easy for the SOC to impede throughput or access in the name of deeper levels of inspection. Automation that can meaningfully close the gap must also cross the chasms of our organizational silos.

_{[1] Optiv research, 7 September 2017, Dave DeWalt, General (Ret.) David Patraeus}