At a recent Open Web Application Security Project (OWASP) meetup in San Francisco, Twitter Trust and Info Sec Officer (TISO) Michael Coates put it bluntly: “Automate or die. This is the biggest thing I stick by in this day and age.”

As security teams grapple with a deluge of data, alerts and the constant threats, it’s table stakes to automate critical parts of the security team’s functions. Security Week reports, “It’s taken three years but, in 2016, security automation and orchestration is finally front and center”.

Gartner analyst Lawrence Pingree has stated that “In the past, security professionals have been fearful and skeptical of automation. This, however, is changing, because organizations are acknowledging that a human response cannot react fast enough, which is compounded by the fact that there are not enough security practitioners in end-user organizations to perform manual human responses to threats.”

The international standard for security management ISO/IEC 27001 lists 114 security controls in 14 separate groups. Where do you begin? Sean Convery, vice president and general manager at the ServiceNow Security Business Unit, points out that you can’t automate what you don’t understand. “Establish baseline metrics for security postures you can track over time, and develop an incident response action plan that addresses an organization’s unique business services and IT architecture.”

Gartner states that "prioritized and managed remediation based on business context is the Holy Grail of security operations."

Improved collaboration with automation: According to Intel Security research, organizations with more than 5,000 employees conducted an average of 150 security investigations in a given year. That’s three incidents each week!
The authors write that when it comes to incident detection and response, time has an ominous correlation to potential damage—the longer it takes an organization to identify, investigate, and respond to a cyber-attack, the more likely it is that their actions won’t be enough to preclude a costly breach of sensitive data.

Convery points out that “Security teams typically use emails, spreadsheets, phone calls and other manual processes to receive and analyze a steady stream of alerts from siloed security systems. More than 90 percent of the IT and security professionals confirmed that they rely on these manual processes, even though they realize doing so limits their incident response effectiveness and efficiency levels.”

Automation can enhance knowledge and compliance: In his book “Beyond Cybersecurity,” author and head of McKinsey’s cybersecurity practice James Kaplan writes, “Too many companies try to manage Incident Response (IR) in a decentralized fashion. More business value can be destroyed as a result of poor response to a breach. Effective Incident Response (IR) should help improve any organizational relationships with third parties like forensic experts and breach remediation.”

As automation tools rise, the alignment of teams is bound to occur. Despite organizational politics, silos and finger pointing, automation tools can align the various forces in an IR scenario. The general counsel’s office, teaming up with the chief risk officer, CISO and the outsourced SOC, can refer to the incident taxonomy, understand various roles and responsibilities, communicate effectively (on-site and off-site) with specific tools and build real-time playbooks.

What's more, all these records can be shared for compliance and insurance purposes and can be stored effectively for post-mortem analysis, enhancing the corporate knowledge base.
In an AlgoSec survey of 350 C-suite professionals, 75 percent of respondents feel that automation will reduce audit preparation time and improve compliance. And 50 percent believe that automation will help deal with the IT skills shortage and reliance on experienced security engineers.

Augmenting your SOC: In a recent HP whitepaper titled “State of Security Operations - 2016 report of capabilities and maturity of cyber defense organizations,” the researchers write that “The most capable and mature SOCs are bringing incident-handling responsibilities closer to the frontline of operations teams.”

A SOC is an extension of your internal team and can function with speed and agility as long as you are using the same tools for collaboration and automation. The HP whitepaper further states that orchestration of duties before, during, and after a breach can reduce the cost of the breach. “Hybrid organizations must pay special attention to escalation and shift turnover processes between insourced and outsourced functions. Strictly defined and followed processes ensure that all relevant information is passed between groups and allows for the best capabilities at identifying and isolating breaches.” Indeed, as virtual SOCs come into play, the necessity of centralized repositories for communication and coordination gains importance.

Not everything can be automated: We have yet to see meaningful leaps in automation in vulnerability scanning and static code analysis. “Most tools suck - it’s mind boggling,” says Kyle Randolp, principal security engineer at Optimizely. “Key and credential management areas have the potential. But auto scanning tools are a negative ROI.”

The Register recently reported that vulnerability scanners generate anywhere from 50% to 89% false positives.
Chris Steipp, senior security engineer at Wikimedia Foundation, adds that while automation is critical, static code analyzers have identified “only two legit issues in five months, having scanned over 25% of our code base.”

Despite such limitations, the promise of security automation can scale any CISO’s defense posture. Yet we know that not everything can be automated. Nor will we ever be fully secure.