APTs and other types of sophisticated attacks are undoubtedly changing information security processes, technologies, and skills, but ESG found another interesting transition in progress: given the volume, sophistication, and surreptitious nature of APTs, large organizations are apparently willing to adopt more automated security technologies as a means for attack remediation. ESG’s recently published research report on APTs indicates that 20% of enterprises believe this development will happen “to a great extent” while another 54% say this will happen “to some extent.” (See this link for more information about the ESG Research Report, U.S. Advanced Persistent Threat Analysis.)

Why is this surprising? Since the introduction of Intrusion Prevention Devices, security professionals have had access to technical tools to block certain behavior or remediate problems automatically. For the most part, however, many firms eschewed these capabilities for fear that a false positive would cause a security tool to take a critical business application or network segment off-line. As a result, IPS devices were usually deployed in passive mode, generating alarms but not taking any type of automated action.

The ESG data indicates that many enterprise organizations believe that sophisticated attacks and IT complexity make this “wait-and-see” security strategy obsolete. Security tools need to be smart enough to detect and react to suspicious behavior, anomalous activities, and attacks in progress. To me, this means:

1. Security intelligence is critical. Automated remediation depends upon extremely accurate analysis of mountains of data. In other words, security intelligence has turned into a big data problem that CISOs must recognize. This trend validates the vision of vendors like EMC/RSA (enVision, NetWitness, Greenplum), HP (ArcSight, Vertica, HP Labs), IBM (Q1, Netezza, SPSS, i2), McAfee (Nitro Security) and startups like RedLambda.

2. Reputation data must play a role. Aside from internal network analysis, security intelligence must understand if a source/destination IP address, URL, application, DNS record, or file is known to be suspicious or malicious. Reputation data from Blue Coat, Check Point, Cisco, and Trend Micro must be part of the mix.

3. Look for lots of R&D with security rules engines. It’s hard enough collecting and analyzing terabytes of security data; making accurate remediation decisions based upon this data analysis adds another quantum degree of difficulty. This is rocket science-type stuff that demands strong public/private cooperation. For starters here, the Federal government should be more forthcoming on its Einstein project and any other research it has done in this area.
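The three points above (internal analytics, reputation data, and a rules engine that decides when to act) can be illustrated with a small decision engine. The following is an added example written for this page, not code from ESG or from any of the vendors named; the reputation table, the critical-asset list, the sample events, and the noisy-OR scoring rule are all constructed assumptions. It shows the safeguard the post describes: the engine auto-blocks only when combined confidence is high, and it never auto-blocks traffic touching a critical asset, downgrading that case to an alert for a human so a false positive cannot take a business application off-line.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Tuple


class Action(Enum):
    ALLOW = "allow"   # nothing notable, log only
    ALERT = "alert"   # passive mode: raise an alarm for an analyst
    BLOCK = "block"   # active mode: automated remediation


# Constructed stand-in for a commercial reputation feed.
# key -> (verdict, feed confidence in [0, 1])
REPUTATION: Dict[str, Tuple[str, float]] = {
    "ip:203.0.113.7": ("malicious", 0.95),
    "domain:updates.example.net": ("suspicious", 0.60),
    "sha256:0000000000000000000000000000000000000000000000000000000000000000":
        ("malicious", 0.99),
}

# Constructed list of assets on which automated blocking is never allowed;
# events touching them are capped at ALERT regardless of score.
CRITICAL_ASSETS = {"10.0.0.5"}  # e.g. an order-processing server (assumed)


@dataclass
class Event:
    src_ip: str
    dst_ip: str
    indicators: List[str] = field(default_factory=list)  # "ip:..", "domain:..", "sha256:.."
    anomaly_score: float = 0.0  # from internal analytics, in [0, 1]


@dataclass
class Decision:
    action: Action
    score: float
    reason: str


def reputation_score(indicators: List[str]) -> float:
    """Worst-case confidence over all indicators. 'suspicious' counts at half weight."""
    worst = 0.0
    for ind in indicators:
        verdict, conf = REPUTATION.get(ind, ("unknown", 0.0))
        if verdict == "malicious":
            worst = max(worst, conf)
        elif verdict == "suspicious":
            worst = max(worst, conf * 0.5)
    return worst


def combined_score(anomaly: float, reputation: float) -> float:
    """Noisy-OR of two independent evidence sources (assumed combination rule):
    either one alone can drive the score up, and both together push it higher."""
    return 1.0 - (1.0 - anomaly) * (1.0 - reputation)


def decide(event: Event, block_threshold: float = 0.9, alert_threshold: float = 0.5) -> Decision:
    """Rules engine: map evidence to ALLOW / ALERT / BLOCK with a critical-asset guard."""
    rep = reputation_score(event.indicators)
    score = combined_score(event.anomaly_score, rep)
    touches_critical = event.src_ip in CRITICAL_ASSETS or event.dst_ip in CRITICAL_ASSETS

    if score >= block_threshold:
        if touches_critical:
            # High confidence, but automation must not risk an outage here.
            return Decision(Action.ALERT, score, "critical asset involved; escalated to analyst instead of auto-block")
        return Decision(Action.BLOCK, score, f"combined score {score:.3f} >= {block_threshold}")
    if score >= alert_threshold:
        return Decision(Action.ALERT, score, f"combined score {score:.3f} >= {alert_threshold}")
    return Decision(Action.ALLOW, score, "below alert threshold")


# Constructed sample events for demonstration.
SAMPLE_EVENTS = [
    Event("10.0.0.42", "203.0.113.7", ["ip:203.0.113.7"], 0.3),                 # known-bad IP
    Event("10.0.0.5", "203.0.113.7", ["ip:203.0.113.7"], 0.3),                  # same, from critical asset
    Event("10.0.0.42", "198.51.100.9", ["domain:updates.example.net"], 0.4),   # suspicious domain
    Event("10.0.0.42", "198.51.100.10", ["domain:cdn.example.org"], 0.1),      # nothing known
]


def triage(events: List[Event]) -> List[Decision]:
    return [decide(e) for e in events]


if __name__ == "__main__":
    for e, d in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(f"{e.src_ip:>10} -> {e.dst_ip:<14} {d.action.value:<5} {d.score:.3f}  {d.reason}")
```

The two thresholds are the policy knobs a CISO would tune: a conservative shop runs with `block_threshold` set above 1.0 (pure passive mode, as the post describes IPS deployments) and lowers it only for indicator types whose reputation data has earned trust.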