Six Best Practices to Improve Visibility and Accelerate Response

Rethinking Security Automation

Published February 2020

There are tools for analyzing just about every type of security threat, and for collecting data that adds context to potential threat activity. The problem today is that there are too many tools, too little integration among them, and more noise than a team can analyze and understand – all of which add up to less visibility into threats and less efficient security teams.

In a survey of senior security leaders conducted by 451 Research, the inability to integrate security products was named the top challenge in security management. “A failure to integrate drastically reduces visibility across the environment and wastes time and manpower maintaining disparate tools, rather than consolidating insights from multiple sources into a single pane of glass,” 451 Research reported.

Automation is supposed to solve the “too many tools” problem, surfacing the most critical issues by running playbooks and processes against common threats like phishing, and freeing up valuable resources for other tasks. But the reality is that expectations for automation have outpaced its ability to drastically reduce human intervention in security monitoring.