Bridging the security automation gap
Security management has gotten out of hand, according to our recent State of Automation in Security Report. 48% of survey respondents had an application outage as a result of a misconfigured security device, 42% experienced a network outage, while 20% suffered a security breach. And on average, these issues took up to three hours to fix, while 20% of organizations needed a day or more to fix the problem.
Security teams have to take back control; keep the bad guys out while keeping business applications running smoothly and securely, all day, every day. Yet currently these skilled (and usually highly paid) security staff are spending their precious time mostly ‘keeping the lights on’ – manually maintaining existing systems, sifting through countless security alerts, making device configuration changes – while often inadvertently causing outages and creating security holes.
It’s no surprise that over 83% of our survey’s respondents believe the use of automation in security needs to increase, and over 80% believe automation will enhance the overall security posture of their organizations.
Today, however, just 15% of survey respondents said their security processes were highly automated, over 52% had some, but not enough, automation, and 33% said they had little to no automation.
Barriers to adopting automation
What are the biggest inhibitors to increasing automation in security operations? Overall the survey found that the top three barriers were concerns about accuracy and false positives; difficulties in driving organisational change; and lack of time to implement automation solutions.
The survey, however, uncovered a marked difference in the perceptions of C-level executives, and their IT and security teams – the ones on the front line doing the actual work. Differing from the overall trend, C-level execs harboured concerns and misconceptions that there was a lack of the suitable automation tools, and that implementing these types of tools would cause business disruption.
These differing perceptions show that the senior executives probably aren’t informed enough about the automation solutions available to help to address the security problems their organization’s face; while front-line security staff are too concerned about potential errors and distractions from their day-to-day work to put forward a strong case for automation.
The good news is that, at the very least, the survey’s findings showed that all respondents agreed that automating security processes would deliver far-reaching benefits that go beyond security on its own. 75% believe automation will improve application availability by reducing outages; and 75% believe it will eliminate mistakes that create access points for hackers. Three-quarters of respondents believe it will reduce errors and help process security policy changes faster, and the same percentage believe it will reduce audit preparation time and improve compliance.
But, if the full benefits of automating security process are to be realized, there clearly needs to be better communication between those handling the day-to-day IT network and security operations and their senior management – to get everyone on the same page about the value, benefits and capabilities as well as the limitations of automation. Once that happens, automation should be driven from the top in order to alleviate concerns surrounding accuracy, organizational processes and business disruption.
With enterprise networks continually evolving, thanks in part to business transformation initiatives such as cloud and SDN, with cyber threats are becoming ever more sophisticated, and with businesses becoming increasingly subject to demanding compliance standards it’s clear that automation of security processes is no longer a nice to have it’s a necessity in order manage security at the speed of business.