It’s likely that you already have a variety of security tools -- intrusion prevention, network access control, endpoint security, mobile device management -- that come with automation capabilities designed to quickly find and stop attacks.

But for a variety of perfectly good reasons, you’ve been reluctant to turn these features on. You may be worried about blocking legitimate business transactions by mistake, keeping employees from getting work done because their devices have been temporarily quarantined or risking the wrath of users when wiping remote devices.

Or maybe you’ve been so swamped that you haven’t had the time to set up these automation capabilities. “It takes time and skills to tune these products effectively in order to take advantage of their automation capabilities,” says Jon Oltsik, senior principal analyst at Enterprise Strategy Group. “Furthermore, automation usually depends upon integrating several security technologies together, which can be difficult,” Oltsik adds.

These are all legitimate concerns. Then there’s the one that nobody wants to acknowledge.
As Oltsik puts it: “There is the historical belief that security decisions must be guided by some type of human intervention.”

Like with self-driving cars or any technology that aims to take people out of the driver’s seat, there’s a natural reluctance to hand over something as important as security to an automated tool.

On the other hand, costly data breaches are on the rise, and finding experienced cybersecurity professionals is becoming more difficult, leaving security pros overwhelmed.

Now’s the time for security practitioners to take advantage of all the help they can get.

Momentum is building

“We are seeing an increase in the use of automation capabilities. The primary driver is that security professionals are overwhelmed by the number of alerts they face and the volume of threat intelligence data,” Oltsik says. “Therefore, they are trying to automate more basic actions to free the infosec team from pedestrian tasks.”

The biggest result of using automation is more operational efficiency, Oltsik says. “Cyber security today is more of an operations problem than a technology problem,” he says. “We don’t have enough skilled cyber security professionals and those we do have are overwhelmed by manual tasks. By automating cyber security processes for remediation, we can help our people work smarter rather than harder.”

Companies that are using the automation features of their security products are seeing results.

Sitecore, a provider of customer experience management services, is using network firewalls from Palo Alto Networks in all of its offices, and has them equipped with the vendor’s cloud-based WildFire malware analysis service.
WildFire provides advanced threat detection and prevention throughout the networks, automatically sharing protections with all WildFire subscribers globally in about 15 minutes.

The company is relying on WildFire “to try and detect and stop intrusions into our network,” says Dylan Lloyd, global IT manager at Sitecore. It’s also testing Palo Alto’s Traps offering and mobile security manager for MDM “to strengthen our security and try to stop more of these attacks on the mobile and endpoint front,” he says.

There are multiple reasons why Sitecore is leveraging security automation features, Lloyd says. “One would be that we do have a limited security team here and we need to make sure we are utilizing our resources as much as we can,” he says.

Automation eases the burdens on the security staff “and makes it so we can feel safe that the company is protected by these capabilities,” Lloyd says.

Another reason for the increased reliance on automation is that security threats are growing, even against smaller companies. “As these attacks increase in volume and become more sophisticated, a human being cannot keep up with this, you need to employ these automated capabilities so the company can continue to run and be productive,” Lloyd says.

Without these systems in place, “we would be chasing down these threats, which makes it impossible for anyone to be productive in that environment,” Lloyd says. He also notes that with the amount of effort Palo Alto puts into threat intelligence, it makes sense to let the vendor’s systems protect Sitecore’s network.

Safer endpoints

The biggest benefit of automation so far is improved endpoint security.
Sitecore has seen “a huge decrease” in malware and has blocked threats at the network before they even get to endpoint devices since implementing the firewalls and WildFire.

“This has made it so our malware infections have gone down to almost none,” Lloyd says. “I think we have seen about 10 malware infections on endpoints in an organization that has over 1,000 endpoints. That’s about 1% of our endpoints in three years. I have been in IT for about 15 years now and I have never seen something that works so well, and this is all before we implement Traps.”

There are challenges that come with security automation. “You always block some legitimate business traffic when you put these things into place, so yes we have hit some of these roadblocks,” Lloyd says. “There are times when a department launches a new SaaS tool which has been blocked by these tools, and we have to open that for them.”

Still, there has not been resistance from management or end users, Lloyd says. “Working in a technology company, the majority of them understand we need to put these tools into place to protect our business,” he says.

Another company, Exostar, which provides online collaboration solutions for industries such as aerospace and defense and life sciences, is taking advantage of the automation capabilities inherent in tools such as Tenable’s SecurityCenter to support its intrusion detection, vulnerability management, and related efforts.

“Because the number and sophistication of attacks is on the rise, keeping pace requires a significant investment in time and labor,” says Rob Sherwood, director of security at Exostar.
“By turning to security automation capabilities, we can stay ahead of the game and focus our resources on developing and delivering our solutions for our growing community of customers.”

Security automation is providing the company with much better visibility, “so we can see where we are potentially at risk and take proactive action accordingly,” Sherwood says. “There’s no doubt that using these capabilities has allowed us to prevent active attacks against our employees’ corporate devices. Perhaps more significantly, we’ve been able to extend coverage beyond our virtual four walls to actively prevent attacks against applications our customers use every day.”

At the same time, there’s a balancing act between automation and hands-on control, Sherwood says. “As our confidence in the performance of these security tools rises, we take another step in the direction of automation,” he says. “Because we serve highly regulated industries like aerospace and defense, life science and healthcare, where strong security is an imperative, our security requirements and tuning of security tools’ automation capabilities are highly aggressive.”

The keys to avoiding user pushback and potential productivity loss due to automation are obtaining executive-level support for a baseline security posture and having the flexibility to make controlled, limited, temporary exceptions when it’s necessary and safe to do so, Sherwood says.

Also using security automation capabilities is Queens College of the City University of New York.
The college relies on the intrusion prevention feature of CounterACT from Forescout, which uses behavior to detect network forensics alerts or viruses and immediately blocks the user.

“Then we use the CounterACT captive Web portal to notify the user that there is a problem and to contact the help desk,” says Morris Altman, director of network services and Internet security officer. “This helped us back in the days when it was very common to have self-propagating worms running around your network.”

When that began happening, the college would have hundreds of computers getting infected, “and we’d have to manually take them offline by disconnecting and disabling their network ports, and going through firewall logs to detect those computers,” Altman says.

The college can now stop attacks proactively, instead of having a situation where hundreds of computers are blocked. “This made CounterACT a huge productivity and time saver for us,” Altman says. “We still see this type of infection today and they don’t spread.”

On the college’s wireless network, which is the client network for students, “we see computers come in with all sorts of problems,” Altman says. “We stop that stuff in its tracks so the student can either remediate it or come to our help desk for a fix. Now we’re starting to see viruses show up on people’s smartphones, so being proactive is key.”

Queens College has had instances when its security policies were more restrictive than necessary; for example, immediately blocking someone when Windows patches were not up to date, Altman says.

“Now we have a period where we warn users ahead of time and provide instructions on how to deal with the problem right there on the Web screen along with the help desk number,” Altman says. “We give them a week or so to get up to date. Then if they aren’t up to date after a week, we block their access.
That’s a learning lesson to help us keep our community productive and safe at the same time. We’re playing the balance game between risk and productivity. The last thing we want to do is stop somebody from working, but sometimes the risk is so great that you have to.”

Violino is a freelance writer. He can be reached at email@example.com.