At ThreatQuotient, we write a lot about security automation. Most recently, we’ve discussed how our data-driven approach to automation helps enable extended detection and response (XDR) in all phases of security operations including detection, investigation and response.
Globally, the cyber threat level to organizations remains high, and the current situation only highlights this further. Any organization with substantial gaps in its cybersecurity capabilities is operating at risk, and when the threat landscape shifts, as it has now, we become more aware of the vulnerabilities we have carried for some time and of the need for better Cyber Threat Intelligence.
“Automation” has become a buzzword in cybersecurity circles. That’s not surprising in an environment where security specialists are in short supply and under intense pressure to defend the business against a huge variety of threats from innumerable sources. Using technology to do at least some of the work seems like a no-brainer. Nevertheless, organizations are finding it hard to get cybersecurity automation right.
Gartner defines Extended Detection and Response (XDR) as “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components”. Simply put, the main component of XDR is the ability to correlate data across multiple security systems and tools for better detection and response.
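To make the correlation point concrete, here is a small Python illustration of joining three telemetry sources on a shared host key and raising one alert only when several independent sources fire within a time window. It is an added example for this page, not ThreatQuotient code or any vendor's XDR implementation; the event formats, the asset map from IP to hostname, the ten-minute window and the sample log lines are all constructed assumptions.

```python
"""Added illustration: cross-source correlation on a shared host key.
The telemetry below is constructed for the example, not real data."""
from collections import defaultdict
from datetime import datetime, timedelta
import json
import re

# Constructed sample events, each source in its own native format.
EDR_EVENTS = [
    '{"ts": "2024-05-01T10:02:10Z", "host": "ws-017", "user": "alice", "proc": "powershell.exe -enc SQBFAFgA"}',
    '{"ts": "2024-05-01T11:30:00Z", "host": "ws-042", "user": "bob", "proc": "powershell.exe -enc SQBFAFgA"}',
]
FIREWALL_LOG = [
    "2024-05-01T10:04:30Z fw01 DENY src=10.1.2.17 dst=203.0.113.5 dport=4444 proto=tcp",
    "2024-05-01T10:05:00Z fw01 ALLOW src=10.1.2.17 dst=198.51.100.10 dport=443 proto=tcp",
    "2024-05-01T15:00:00Z fw01 DENY src=10.1.2.17 dst=203.0.113.9 dport=8080 proto=tcp",
]
IDP_EVENTS = [
    "2024-05-01T10:00:05Z,alice,ws-017,LOGIN_FAILED",
    "2024-05-01T10:00:40Z,alice,ws-017,LOGIN_SUCCESS",
]
# Assumed asset inventory: the firewall only knows IPs, so this map is the join key.
ASSETS = {"10.1.2.17": "ws-017", "10.1.2.42": "ws-042"}

FW_RE = re.compile(r"^(\S+) \S+ (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_edr(line):
    rec = json.loads(line)
    return {"ts": parse_ts(rec["ts"]), "host": rec["host"], "source": "edr", "detail": rec["proc"]}


def parse_firewall(line):
    m = FW_RE.match(line)
    if not m or m.group(2) != "DENY":
        return None  # only denied connections count as a signal in this example
    ts, _, src, dst, dport = m.groups()
    host = ASSETS.get(src)
    if host is None:
        return None  # unknown asset: nothing to join on, so drop it
    return {"ts": parse_ts(ts), "host": host, "source": "firewall", "detail": f"deny {dst}:{dport}"}


def parse_idp(line):
    ts, user, host, outcome = line.split(",")
    if outcome != "LOGIN_FAILED":
        return None
    return {"ts": parse_ts(ts), "host": host, "source": "idp", "detail": f"failed login {user}"}


def normalize_all():
    """Map every source into one common schema: ts, host, source, detail."""
    events = [parse_edr(l) for l in EDR_EVENTS]
    events += [parse_firewall(l) for l in FIREWALL_LOG]
    events += [parse_idp(l) for l in IDP_EVENTS]
    return [e for e in events if e is not None]


def correlate(events, window=timedelta(minutes=10), min_sources=2):
    """Return one alert per host whose events cover at least min_sources
    distinct sources inside a single window of length `window`."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    alerts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        best = []
        # Slide a window starting at each event; keep the span with most distinct sources.
        for i, start in enumerate(evs):
            span = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            if len({e["source"] for e in span}) > len({e["source"] for e in best}):
                best = span
        sources = sorted({e["source"] for e in best})
        if len(sources) >= min_sources:
            alerts.append({
                "host": host,
                "sources": sources,
                "first_seen": best[0]["ts"].isoformat(),
                "last_seen": best[-1]["ts"].isoformat(),
                "evidence": [f'{e["ts"].isoformat()} {e["source"]}: {e["detail"]}' for e in best],
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(normalize_all()):
        print(json.dumps(alert, indent=2))
```

On the constructed data, ws-017 produces a single alert backed by a failed login, an encoded PowerShell launch and a denied outbound connection within five minutes; ws-042 has the same EDR event but nothing from any other source, so it stays below the threshold. The later 15:00 firewall deny on ws-017 falls outside the window and is not counted, which is the caveat to keep in mind: the window and the min_sources threshold are tuning knobs that trade missed detections against noise.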
The cybersecurity industry has talked about security automation for years. We’ve grappled with what, when and how to automate. We’ve debated the human vs machine topic. And when we’ve been burned by machines quarantining a system or blocking a port on a firewall in error, we’ve wondered if there’s any place at all for automation. But deep down we know that automation is the future, and the future is here.
If you work in an organization, you’ve probably had to take a cybersecurity training course at some point during your time there. Whether or not you work in cybersecurity, most of us breeze through the slides or videos, half listening to the warnings about spear phishing emails and hacking tactics. We complete the training and then tuck away the lessons learned until the next year, when we have to do it all again.
Recently, ThreatQuotient hosted an interactive discussion on security orchestration and cybersecurity automation adoption: what it is, what it’s meant to do, and why it can be a challenge for security teams to set up and maintain. What we heard from attendees was that the most common obstacle to integrating some form of security automation into their internal processes is a lack of the necessary time and resources.
In the past year, research indicates that nearly a third of organizations have accelerated their plans to automate key security and IR processes, and that 85% plan to automate them in the next 12 months. Despite these encouraging figures, many organizations struggle to move to a more automated process. This was highlighted at a recent webinar we held with a panel of senior cybersecurity experts from a range of sectors.