Look again at security automation

Issue 5 2022 Editor's Choice

BT began the automation journey for its security operations centres (SOCs) in 2018, with the goal to unify customer experience across them. The main learning point was “you should never try to automate a complex process that’s not fully documented and well understood.” From this starting point, there are five key considerations to apply to your security automation journey.

#1 Skills shortages should drive focus

The (ISC)2 Cybersecurity Workforce Study reported a worldwide cybersecurity skills shortage of 2.72 million people. In the face of these supply constraints, the cost of cybersecurity talent is extremely high, leading to regular churn as skilled employees leave to pursue other career opportunities. It also makes it very difficult for smaller organisations and less well-funded industries to compete for cyber talent, leading to huge security risks.

Hila Meller.

In an environment where resourcing is limited, it’s critical to consider how automation can handle the routine, the repetitive, and those tasks that are important but not urgent. It would be naïve to assume that whole tasks can be fully automated, but automating the repetitive parts frees your analysts to apply their skills in more complex ways that widen the breadth of their experience, leading to increased job satisfaction and better retention.

#2 Look at automation holistically

When looking at automation options for your organisation, you need to assess the overall value of automating each process. The goal is to use automation where it provides the most effective value, without watering down capabilities, introducing additional risk or removing necessary human oversight. Before implementing automation in your tools, be sure you’re clear on the benefits and why you’re automating. Consider all aspects of your processes, the types of threats you see, talent availability, and the costs vs. benefits of automating certain decisions.

#3 Think about the operational implications of automation

Clear communication between groups within the organisation is critical to any platform where automated change can happen. Operational teams, in particular, need to have understanding, sight, and sign-off of such systems to understand the implications. In most organisations, a human ‘in the loop’ during an initial phase, aware of how such systems operate and able to investigate any change and revert it back in moments is a wise precaution. After a period of optimisation, tuning and tweaking, confidence will grow to the point that the humans can be ‘out of the loop’ and the organisation can rely on the automation.

#4 Choose your scope and domain wisely

Deciding what areas to automate is a minefield for many organisations. For most clients starting out on the journey, we would recommend focusing initially on basic individual controls and policy enforcement capability. This area tends to be simpler, with less chance of clashes between technology areas and vendors.

Risks also vary by organisation. We’ve long advocated for building a strong understanding of the threats each organisation faces and determining responses based on the tools, techniques and procedures known to be used against them. This threat intelligence data can be one of the main drivers allowing these responses to be automated – as long as the accuracy of the data is high.

#5 Data clarity drives improvement

Having a clear view of what data is needed and the insight that it can give you is key to successfully implementing automation programmes. Be selective about security data, particularly when linked to security decision making. Security controls are generating more data points than ever before, but before we can use it, we must ingest, process and store all that information.

Collection plans and data prioritisation should be central to your data strategy. This ensures that you can consolidate and refine data to reduce volume (and therefore cost) without losing the integrity or value of the data or of the decisions that we can make. Inevitably, the data will come in many different forms and from a myriad locations and sources. Having a well thought-through data capture strategy will help deliver the most benefit down the line. With so much data on hand, being clear on validity and prioritisation is fundamental to making sure that automated decision making is accurate and predictable.

As the world becomes ever more interlinked and connected devices number in the billions, the cyber landscape will continue to increase in reach and complexity. To combat this, automation will move from a ‘nice to have’ into an essential tool that organisations can’t cope without. As a result, the importance of contextual, timely and accurate threat intelligence as an input to decision making cannot be overstated.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The human factor side of video management systems
Leaderware Editor's Choice Surveillance Risk Management & Resilience
A video management system (VMS) is central to, and the most vital element to any control room operation using CCTV as part of its service delivery, however, all too often, it is seen as a technical solution rather than an operational solution.

Get the basics right to win more business
ServCraft Editor's Choice Risk Management & Resilience
The barriers to entry in security are not high. More people are adding CCTV and fencing to their repertoire every year. Cowboys will not last long in a space where customers trust you with their safety.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Global strength, local craft
Impro Technologies Editor's Choice
Impro Technologies is a resounding success story. Started in South Africa, the company remains true to its roots and still designs and manufactures its access control systems and solutions in the country.

South Africans play a role in becoming scam victims
Editor's Choice Risk Management & Resilience
The South African fraud landscape is becoming increasingly risky as fraudsters and scammers look to target individuals with highly sophisticated scams, in an environment where it is becoming increasingly difficult for lawmakers and authorities to bring these criminals to justice.

Service orientation and attention to detail
Technews Publishing Editor's Choice Risk Management & Resilience
Lianne Mc Hendry evolved from working for an accounting firm to an accomplished all-rounder familiar with the manufacturing, distribution, and system integration aspects of the security industry value chain.

Are you leaving money on the table?
Editor's Choice Security Services & Risk Management
How many customers have you helped since starting your business? Where does most of your new business come from? If the answer is not from your database’s existing customers, you might have a problem.

Wireless fire tech offers unexpected benefits for load shedding
Technoswitch Fire Detection & Suppression Editor's Choice
For the long-suffering residents of South Africa, the policy of load shedding to help manage demand from the country’s ageing and poorly maintained electrical generation and distribution system, is a major inconvenience, and it can be fatal to fire alarm systems.

Consolidated cybersecurity management
Technews Publishing Editor's Choice Information Security Infrastructure
SMART Security Solutions spoke to Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro, to find out what makes Trend stand out from the crowd and also its latest market offerings.

ADI to close SA operation
ADI Global Distribution Editor's Choice
In a move that will shock the local security industry, ADI Global recently sent an email to its customers notifying them that it will cease its business operations in South Africa.