Everyone wants to automate security. Traditionally, though, doing so has been challenging because setting up security automation tools required a specialized set of skills that no one engineer at a company possesses.
It’s time to change this state of affairs by democratizing security automation. Here’s why and how.
The Security Automation Dilemma
Again, most teams want security automation. They understand that automation is the only way to detect and contain threats rapidly, before they cause harm to the business.
Yet the major barrier surrounding security automation in the past was their dependence on key engineers to implement it. Although security automation tools were easy enough to find, deploying and configuring them required specialized knowledge of the business’s IT environment and needs.
Traditional Automation Skills
More specifically, security automation deployment necessitated skills like these:
- Ability to develop, test, deliver and maintain close-to-production-grade software
- Ability to integrate with tools existing in the IT / Security stack, collect information from them and orchestrate various operations
- A nuanced understanding of the normal operating conditions of dynamic IT environments. It was only by understanding what was normal – which is a complicated question in the age of fast-changing, cloud-native technology – that teams could write rules to detect anomalies.
- Expertise in security response operations, which allowed engineers to write remediation policies that security automation tools could enforce in order to contain a threat
These areas of expertise represent a unique blend of IT and security skills that relatively few engineers possess. Security analysts might be experts in security operations, but they typically don’t have the deep insight into a company’s Cloud Infrastructure configurations and dynamic environment baselines that they need in order to configure security automation tools effectively. Likewise, IT engineers know the ins and outs of the IT environment, but they don’t usually have the extensive security expertise necessary to take full advantage of security automation tools.
Add multiple business units and IT environments to the mix, and the security automation picture becomes even messier.
Traditional Automation Implementation
What all of the above means is that a company’s ability to implement security automation traditionally hinged on the ability of multiple stakeholders to collaborate – which was usually a slow process. It involved dozens of meetings between IT engineers, security analysts, software developers, and whoever else held a stake in security to figure out how to configure security automation tools in a way that protected assets without disrupting operations through false positives.
And then, whenever the IT environment changed – which could happen when a team began using a new type of cloud service, for instance, or moved more workloads from VMs to containers – everyone would have to come together again to figure out how to update security automation settings.
There exists, of course, a rare breed of engineer who brings to the table both the security and IT expertise necessary to manage security automation effectively on his or her own. However, those engineers are few and far between, and if a company’s ability to take advantage of security automation hinges on having one of these engineers available, the rest of the team is placed in a position where it depends on a single key employee to implement a crucial business process – security automation. That’s hardly an ideal state of affairs.
Democratizing Security Automation
Fortunately, a better world is possible. When security automation tools become simple enough for any engineer to deploy and configure independently, businesses are no longer beholden to a few key employees or a messy collaboration process between multiple types of engineers in order to implement security automation.
Instead, a single engineer can sit down and set up security rules that make sense for whichever assets need to be protected, and that’s it. No more litany of meetings or consultations with multiple stakeholders before a single rule can be written. And no more worrying that your security automation stack will fall apart if the one engineer who actually understands all of it leaves the company.
Democratizing Automation for Security TeamsThanks to a new breed of security automation tools, this healthier approach has become possible. Using pre-configured automation rules and remediation playbooks, modern security platforms democratize automation by making it possible for anyone – not just engineers who possess a rare blend of IT and security expertise – to write automation policies on their own.