The CISO’s 2018 Resolution: Security Orchestration and Automation
January 27, 2018
It’s that time of the year again when we set resolutions to create better communities and selves. Many of us will resolve to do more and to do better, and, for a time, we will. With most resolutions, however, human nature inevitably sets in. We fall back to our old habits, while that new treadmill starts to gather a layer of dust.
Why are resolutions so hard to keep? Psychologists and sociologists have a lot of theories, but if we look at the obvious, it’s because they are usually focused on things we’re not good at. Whether it’s skipping dessert, coming home from work earlier, or calling your mother more often – resolutions are all things that take muscle memory and practice.
Security response works the same way. Despite massive investment, it still takes an average of 191 days to detect a threat and another 66 to contain it. We know vulnerabilities will need to be patched, but today it takes significant research to determine which ones have the highest potential to impact your company. At the same time, security teams are overwhelmed and understaffed, and the shortage of qualified security personnel is only expected to increase. In 2018, we need to make security work better to reduce the almost-daily cascade of breaches we saw in 2017.
We know what we need to do. More importantly, we now have the tools and approaches to do it. Gartner recently published a report calling on leaders to consider investing in Security Orchestration, Automation and Response (SOAR) technologies. Gartner predicts that “by the end of 2020, 15% of organizations with a security team larger than five people will leverage SOAR tools for orchestration and automation reasons, up from less than 1% today*.”
Gartner goes on to say that “SOAR supports multiple activities for security operations decision making such as: prioritizing security operations activities; formalizing triage and incident response; and automating containment workflows.”*
Source: Gartner (November 2017)
I agree, and in my experience these benefits can have enormous business impact for clients. Let’s look at each one in turn.
In 2018, improving security response is a resolution you can keep. In fact, it may even free up enough time for you to keep your resolution to get to the gym more often, too.
*Gartner Innovation Insight for Security Orchestration, Automation and Response, Claudio Neiva, Craig Lawson, Toby Bussa, Gorka Sadowski, 30 November 2017.