Date: 2022-11-03

According to ESG research, 52% of organizations believe that security operations are more difficult today than they were two years ago, due to factors such as the dangerous threat landscape, growing attack surface, and the volume/complexity of security alerts. In analyzing this data, I see a common theme: scale. Security teams must be able to scale operations to deal with the increasing volume of everything coming at them. Faced with a global cybersecurity skills shortage, CISOs need alternatives to hiring their way out of this quagmire.

How can organizations proceed? By automating security operations processes. ESG research reveals that nearly half (46%) of security operations center (SOC) teams are automating security operations processes “extensively,” while another 44% are automating security operations processes “somewhat.”

Multiple approaches to security automation

When it comes to security operations process automation, one might equate this activity with security orchestration, automation, and response (SOAR) technology. In some cases, this is a correct assumption, as 37% of organizations use some type of commercial SOAR tool. Interestingly, more than half (53%) of organizations eschew SOAR, using security operations process automation functionality within other security technologies instead – security information and event management (SIEM), threat intelligence platforms (TIPs), IT operations tools, or extended detection and response (XDR), for example. Those organizations using SOAR admit that it is no day at the beach – 80% agree that using SOAR was more complex and time-consuming than they anticipated.

Technology aside, security professionals acknowledge that there are a few major impediments to security operations process automation. For example, 39% claim that their SOC team doesn’t have the software programming skills necessary for developing automation workflows, and 21% say that their security operations processes are relatively immature, requiring re-engineering before they can be automated. This last obstacle reflects Bill Gates’s well-known observation about process automation: “Automation applied to an efficient operation will magnify the efficiency…automation applied to an inefficient operation will magnify the inefficiency.”

Tips toward security automation success

Clearly, there’s work to be done before many organizations can and should apply resources to security operations process automation. Is it worth the effort? Yes. The research shows that security pros believe security operations process automation can lead to benefits like improved mean time to respond (MTTR), improved threat detection using playbooks, improved staff productivity, and faster handling of critical alerts. The balancing act is in achieving these benefits while addressing the complexity and skills requirements of security operations process automation. Based upon countless interviews with SOC personnel, ESG suggests: