Look again at security automation

Issue 5 2022 Editor's Choice

BT began the automation journey for its security operations centres (SOCs) in 2018, with the goal to unify customer experience across them. The main learning point was “you should never try to automate a complex process that’s not fully documented and well understood.” From this starting point, there are five key considerations to apply to your security automation journey.

#1 Skills shortages should drive focus

The (ISC)2 Cybersecurity Workforce Study reported a worldwide cybersecurity skills shortage of 2.72 million people. In the face of these supply constraints, the cost of cybersecurity talent is extremely high, leading to regular churn as skilled employees leave to pursue other career opportunities. It also makes it very difficult for smaller organisations and less well-funded industries to compete for cyber talent, leading to huge security risks.

Hila Meller.

In an environment where resourcing is limited, it’s critical to consider how automation can handle the routine, the repetitive, and those tasks that are important but not urgent. It would be naïve to assume that whole tasks can be fully automated, but automating the repetitive parts frees your analysts to apply their skills in more complex ways that widen the breadth of their experience, leading to increased job satisfaction and better retention.

#2 Look at automation holistically

When looking at automation options for your organisation, you need to assess the overall value of automating each process. The goal is to use automation where it provides the most effective value, without watering down capabilities, introducing additional risk or removing necessary human oversight. Before implementing automation in your tools, be sure you’re clear on the benefits and why you’re automating. Consider all aspects of your processes, the types of threats you see, talent availability, and the costs vs. benefits of automating certain decisions.

#3 Think about the operational implications of automation

Clear communication between groups within the organisation is critical to any platform where automated change can happen. Operational teams, in particular, need to have understanding, sight, and sign-off of such systems to understand the implications. In most organisations, a human ‘in the loop’ during an initial phase, aware of how such systems operate and able to investigate any change and revert it back in moments is a wise precaution. After a period of optimisation, tuning and tweaking, confidence will grow to the point that the humans can be ‘out of the loop’ and the organisation can rely on the automation.

#4 Choose your scope and domain wisely

Deciding what areas to automate is a minefield for many organisations. For most clients starting out on the journey, we would recommend focusing initially on basic individual controls and policy enforcement capability. This area tends to be simpler, with less chance of clashes between technology areas and vendors.

Risks also vary by organisation. We’ve long advocated for building a strong understanding of the threats each organisation faces and determining responses based on the tools, techniques and procedures known to be used against them. This threat intelligence data can be one of the main drivers allowing these responses to be automated – as long as the accuracy of the data is high.

#5 Data clarity drives improvement

Having a clear view of what data is needed and the insight that it can give you is key to successfully implementing automation programmes. Be selective about security data, particularly when linked to security decision making. Security controls are generating more data points than ever before, but before we can use it, we must ingest, process and store all that information.

Collection plans and data prioritisation should be central to your data strategy. This ensures that you can consolidate and refine data to reduce volume (and therefore cost) without losing the integrity or value of the data or of the decisions that we can make. Inevitably, the data will come in many different forms and from a myriad locations and sources. Having a well thought-through data capture strategy will help deliver the most benefit down the line. With so much data on hand, being clear on validity and prioritisation is fundamental to making sure that automated decision making is accurate and predictable.

As the world becomes ever more interlinked and connected devices number in the billions, the cyber landscape will continue to increase in reach and complexity. To combat this, automation will move from a ‘nice to have’ into an essential tool that organisations can’t cope without. As a result, the importance of contextual, timely and accurate threat intelligence as an input to decision making cannot be overstated.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Hikvision aims for solutions
Technews Publishing Hikvision South Africa Editor's Choice CCTV, Surveillance & Remote Monitoring News Integrated Solutions Conferences & Events
Hikvision recently held a roadshow titled Industry X, where the company highlighted its latest products and solutions, supported by partners and distributors.

Reliable, low-maintenance video appliances
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring News IT infrastructure Products
Symetrix, part of the Agera Group, has added the AES range of video recording servers, storage appliances and workstations to its portfolio.

Technology and the future of security installation in South Africa
Editor's Choice Integrated Solutions Security Services & Risk Management
What are the technologies and trends shaping installation, service and maintenance teams globally, and how will they shape South African businesses today and in the future?

Upgraded security and AI monitoring at upmarket estate
Watcher Surveillance Solutions Editor's Choice CCTV, Surveillance & Remote Monitoring Integrated Solutions Residential Estate (Industry)
Estate upgrades and enhances its security through a partnership between surveillance specialist Watcher and the incumbent guarding company.

The technology wave implications for staff mismatches in control rooms
Leaderware Editor's Choice Security Services & Risk Management
An industry habit of looking at control rooms through a physical security lens has increasingly left clients and staff at a disadvantage in keeping up with control room technology and demands.

Resilience is a collaborative effort
Technews Publishing Editor's Choice
Cyber resilience is not an ‘IT thing’; Wayne Olsen says it is an enterprise-wide risk strategy that involves collaboration, lots of collaboration.

The challenge of data safety and availability
Technews Publishing Editor's Choice Cyber Security
Veeam offers backup and recovery software that presents the user with one interface to manage backups to and from almost any platform.

Cold chain integrity in real time
Technews Publishing Editor's Choice Asset Management, EAS, RFID IT infrastructure Transport (Industry) Logistics (Industry)
DeltaTrak offers real-time farm-to-fork IoT monitoring of the cold chain to ensure every step of the journey is recorded and verifiable via the cloud.

Nomad launches early adopter programme
Editor's Choice News Integrated Solutions Smart Home Automation
Participants in Nomad’s Early Adopter Programme will receive 10% of their volume order to facilitate testing before the commercial launch later this year.

Wage settlement reached
Fidelity Services Group Editor's Choice
The South African National Security Employers’ Association (SANSEA), a representative employer’s organisation within the security industry, confirmed that after a series of ongoing negotiations an agreement was reached.