As the cybersecurity industry has matured, so has the approach security teams take to making decisions about investing in security tools.
Instead of focusing on the latest product or technology, security professionals are focused on use cases such as incident response, alert triage, vulnerability management, spear phishing, threat intelligence management and threat hunting, to name a few.
One area within cybersecurity that has steadily gained traction in recent years is automation, and the same use case-based approach to investment is playing out in automation initiatives as well.
There's a difference in how organizations determine their top use cases.
Understanding that selection process provides insights that can benefit organizations that are earlier in their automation journey.
Top use cases vary by industry
A recent survey on the state of cybersecurity automation adoption found that security teams are increasingly looking to adopt security automation primarily to drive efficiency.
It makes sense to focus automation initiatives on tasks that provide the most potential for efficiency gains.
The amount of data and threat intelligence that security analysts in defense agencies must gather, analyze and operationalize is massive, and automation can significantly ease that burden.
Critical infrastructure: Vulnerability management/prioritization tops the list for critical infrastructure security teams and, here too, it is easy to understand why.
These systems were designed for another time and often lack the security mechanisms needed for adequate protection in today's interconnected world and continuously evolving threat landscape.
Understanding vulnerabilities and applying automation to prioritize which actions to take first, based on internal and external data and other factors, helps drive tremendous efficiency gains.
Financial services: Alert triage is the most common application for cybersecurity automation in the financial services sector.
Today, the sector is such a prominent target that the volume of alerts and events is becoming untenable and compounds security challenges.
Rather than relying on analysts alone, automation can sift through alerts efficiently and accurately to determine the severity of a threat and whether the alert should be escalated to incident response.
Automation requirements
Organizations in each of these industries may approach automation from a different entry point, but the requirements for an automation platform are consistent across use cases.
Security automation success is driven by the ability to make sense of data in different formats and languages from different vendors and systems, and the ability to operationalize data across your security ecosystem for action.
The first phase of security automation implementation begins with aggregating and translating disparate data into a uniform format for analysis.
This includes events and associated indicators from inside your environment, for example from your SIEM system, log management repository, case management system and security infrastructure.
An extensible platform that easily integrates with different tools and enables interoperability allows you to leverage your existing security technologies and teams more efficiently and effectively.
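The two steps described above, aggregating and translating disparate data into a uniform format and then applying automation to decide which alerts to escalate, are shown together in the added example below. This is illustrative code written for this page, not code from the article or from any vendor or product it mentions. The three sample lines (a CEF record, a JSON event and a BSD-style syslog line) are constructed, the field names and the uniform 0-10 severity scale are assumptions, and the scoring rule that decides escalation is a deliberately simple stand-in for whatever policy a team would actually encode.

```python
import json
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample inputs, one per upstream format (not real logs).
SAMPLE_EVENTS = [
    "CEF:0|ExampleVendor|ExampleFW|1.0|100|Outbound connection blocked|7|"
    "src=10.0.0.5 dst=203.0.113.9 dpt=4444 suser=alice",
    '{"timestamp":"2024-01-08T14:43:05Z","host":"ws-17","severity":"high",'
    '"user":"bob","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",'
    '"msg":"suspicious process spawn"}',
    "<38>Jan  8 14:43:05 bastion sshd[1234]: Failed password for invalid user "
    "admin from 198.51.100.23 port 52211 ssh2",
]

# Every source is mapped onto one 0-10 severity scale so triage rules compare like with like.
WORD_SEVERITY = {"low": 3, "medium": 5, "high": 8, "very-high": 10, "critical": 10}
SYSLOG_SEVERITY = {0: 10, 1: 10, 2: 9, 3: 7, 4: 5, 5: 3, 6: 1, 7: 0}  # emerg .. debug
ESCALATE_THRESHOLD = 7  # assumed policy: scores at or above this go to incident response

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
CEF_EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")  # key=value pairs, values may contain spaces
SYSLOG_RE = re.compile(
    r"^<(\d+)>(\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(\S+)\s(\S+?)(?:\[\d+\])?:\s(.*)$"
)


@dataclass
class NormalizedEvent:
    """The uniform schema every upstream format is translated into."""
    source_format: str
    severity: int                      # uniform 0-10
    message: str
    host: Optional[str] = None
    user: Optional[str] = None
    indicators: dict = field(default_factory=dict)  # e.g. {"ipv4": [...], "sha256": [...]}


def extract_indicators(text: str) -> dict:
    """Pull IPv4 addresses and SHA-256 hashes out of any text, de-duplicated in order."""
    found = {}
    for name, rx in (("ipv4", IPV4_RE), ("sha256", SHA256_RE)):
        values = list(dict.fromkeys(rx.findall(text)))
        if values:
            found[name] = values
    return found


def to_uniform_severity(value) -> int:
    """Accept a CEF-style integer (0-10) or a word like 'high'; unknown words get 5."""
    try:
        return max(0, min(10, int(value)))
    except (TypeError, ValueError):
        return WORD_SEVERITY.get(str(value).lower(), 5)


def parse_cef(line: str) -> NormalizedEvent:
    # CEF header has seven pipe-separated fields, then a free-form extension.
    _, _vendor, _product, _ver, _sig, name, sev, ext = line.split("|", 7)
    fields = dict(CEF_EXT_RE.findall(ext))
    return NormalizedEvent("cef", to_uniform_severity(sev), name,
                           host=fields.get("dvchost"), user=fields.get("suser"),
                           indicators=extract_indicators(ext))


def parse_json(line: str) -> NormalizedEvent:
    d = json.loads(line)
    msg = d.get("msg") or d.get("message") or ""
    return NormalizedEvent("json", to_uniform_severity(d.get("severity")), msg,
                           host=d.get("host"), user=d.get("user"),
                           indicators=extract_indicators(line))


def parse_syslog(line: str) -> NormalizedEvent:
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable syslog line: {line!r}")
    pri, _ts, host, _prog, msg = m.groups()
    # PRI = facility * 8 + severity, so the low three bits carry the severity.
    return NormalizedEvent("syslog", SYSLOG_SEVERITY[int(pri) % 8], msg,
                           host=host, indicators=extract_indicators(msg))


def normalize(line: str) -> NormalizedEvent:
    """Detect the format from the line's leading bytes and dispatch to the right parser."""
    if line.startswith("CEF:"):
        return parse_cef(line)
    if line.startswith("{"):
        return parse_json(line)
    if line.startswith("<") and line[1:2].isdigit():
        return parse_syslog(line)
    raise ValueError(f"unknown format: {line[:40]!r}")


def triage(ev: NormalizedEvent) -> dict:
    """Score on uniform severity plus indicator richness; escalate at or above the threshold."""
    score = ev.severity
    if ev.indicators.get("sha256"):
        score += 2  # a file hash can be enriched directly against threat intelligence
    if ev.indicators.get("ipv4"):
        score += 1
    score = min(score, 10)
    return {"source": ev.source_format, "host": ev.host, "score": score,
            "escalate": score >= ESCALATE_THRESHOLD}


def triage_all(lines) -> list:
    return [triage(normalize(line)) for line in lines]


if __name__ == "__main__":
    for result in triage_all(SAMPLE_EVENTS):
        print(result)
```

Run as a script, the firewall and endpoint events are escalated (scores 8 and 10) while the single failed SSH login, logged at syslog severity "info", scores 2 and stays in the queue. The point of the uniform schema is that the triage rule never has to know which vendor produced the event; adding a fourth source means writing one more parser, not touching the scoring logic.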
This Cyber News was published on www.securityweek.com. Publication date: Mon, 08 Jan 2024 14:43:05 +0000