
Digital enterprises today face increasing cybersecurity risks. The software supply chain is under constant threat. Malicious actors target vulnerabilities in common open source packages and common dependencies. Cloud-native threats (misconfigurations, insecure defaults, compromised keys, etc.) persist. Additionally, most organizations have not fully addressed the newfound ubiquity of web APIs and their impact on their own access controls.
If manual responses seem daunting, you’re not alone! To improve cybersecurity across the board, businesses are turning to automation in areas such as threat detection and incident alerting. However, while organizations are automating many aspects of their security strategy, the level of security maturity still varies widely from business to business. Additionally, technical incompatibilities continue to be a common barrier to broader security automation initiatives.
ThreatQuotient’s 2022 State of Cybersecurity Automation Adoption report analyzes the state of cybersecurity automation in today’s distributed enterprise. The research highlights the key factors behind cybersecurity automation and finds that the majority of organizations are experiencing pain points in implementing these initiatives.
Below, we review this research to highlight some of the key points security professionals should consider as they treat cybersecurity as a business enabler, not a business impediment.
The State of Cybersecurity Automation
First, it is clear that cybersecurity automation is becoming increasingly important to information technology (IT) and security professionals. The survey found that 68% said cybersecurity automation is important. With 98% increasing their budget for automation, this attitude could influence their purchasing decisions in the coming year.
Threat intelligence management and incident response are some of the most common cybersecurity automation use cases. However, the report found a lagging adoption of alert triage. Only 18% of respondents have automated alert triage. ThreatQuotient defines alert triage as:
“The process of efficiently and accurately examining and investigating an alert to determine the severity of the threat and whether the alert should be escalated to incident response.”
Application logs and monitoring tools generate so much data that engineers often drown in a sea of observability data. It can be difficult to sift through alerts and separate false positives from real incidents. Therefore, better automation of alert triage is a key area for reducing manual review time and prioritizing security incidents. Streamlining the response process is one way to meet performance goals and reduce mean time to recovery (MTTR).
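To make the alert-triage idea concrete, here is an added example (not code from the report or from ThreatQuotient) of the kind of rule-based scoring a SOC can automate: deduplicate repeated alerts, suppress a known false-positive source, weight by asset criticality, and decide whether an alert is escalated to incident response, queued for an analyst, or auto-closed with a recorded reason. The rule names, asset list, scanner address, thresholds and sample alerts are all constructed for illustration.

```python
"""Rule-based alert triage: dedupe, suppress known false positives, score, decide.

Added example; rule names, thresholds, asset list and sample alerts are constructed
assumptions, not taken from the ThreatQuotient report.
"""
from typing import Dict, List

# Enrichment context a SOC would maintain (assumed values).
ASSET_CRITICALITY = {"vpn-gw": 3, "db-prod": 3, "dev-box": 1}   # 1 = low, 3 = crown jewel
RULE_BASE_SEVERITY = {"malware_hash_match": 3, "brute_force_login": 2, "port_scan": 1}
AUTHORISED_SCANNERS = {"10.0.0.200"}   # internal vulnerability scanner; its port scans are expected
REPEAT_BONUS_THRESHOLD = 5             # same (rule, src_ip, asset) seen this often => +1

ESCALATE_AT = 5     # score >= 5 -> hand to incident response
INVESTIGATE_AT = 3  # 3..4 -> analyst queue; below -> auto-close with a reason


def _key(alert: Dict) -> tuple:
    return (alert["rule"], alert["src_ip"], alert["asset"])


def dedupe(alerts: List[Dict]) -> List[Dict]:
    """Collapse repeated (rule, src_ip, asset) alerts into one record with a hit count."""
    merged: Dict[tuple, Dict] = {}
    for a in alerts:
        k = _key(a)
        if k in merged:
            merged[k]["hits"] += 1
        else:
            merged[k] = {**a, "hits": 1}
    return list(merged.values())


def score_alert(alert: Dict) -> Dict:
    """Return the alert annotated with a score, a decision and the reasons behind it."""
    hits = alert.get("hits", 1)
    # Suppression: expected activity from an authorised scanner is a known false positive.
    if alert["rule"] == "port_scan" and alert["src_ip"] in AUTHORISED_SCANNERS:
        return {**alert, "hits": hits, "score": 0, "decision": "close",
                "reasons": ["authorised scanner"]}

    reasons = []
    score = RULE_BASE_SEVERITY.get(alert["rule"], 1)
    reasons.append(f"rule severity {score}")

    crit = ASSET_CRITICALITY.get(alert["asset"], 2)   # unknown assets default to medium
    score += crit
    reasons.append(f"asset criticality {crit}")

    if hits >= REPEAT_BONUS_THRESHOLD:
        score += 1
        reasons.append(f"repeated {hits}x")

    if score >= ESCALATE_AT:
        decision = "escalate"
    elif score >= INVESTIGATE_AT:
        decision = "investigate"
    else:
        decision = "close"
    return {**alert, "hits": hits, "score": score, "decision": decision, "reasons": reasons}


def triage(alerts: List[Dict]) -> List[Dict]:
    """Dedupe, score and sort alerts so the analyst queue starts with the most urgent."""
    return sorted((score_alert(a) for a in dedupe(alerts)), key=lambda a: -a["score"])


# Constructed sample alerts (not real telemetry): one scanner hit, one malware match,
# and the same brute-force alert fired six times against the VPN gateway.
SAMPLE_ALERTS = [
    {"rule": "port_scan", "src_ip": "10.0.0.200", "asset": "db-prod"},
    {"rule": "brute_force_login", "src_ip": "203.0.113.9", "asset": "vpn-gw"},
    {"rule": "malware_hash_match", "src_ip": "10.0.0.7", "asset": "dev-box"},
] + [{"rule": "brute_force_login", "src_ip": "203.0.113.9", "asset": "vpn-gw"}] * 5

if __name__ == "__main__":
    for a in triage(SAMPLE_ALERTS):
        print(a["decision"], a["score"], a["rule"], a["asset"], a["reasons"])
```

Run as-is, the six brute-force alerts collapse into one record scored 6 (escalate), the malware match on a low-value dev box lands at 4 (investigate), and the scanner's port scan is closed with the suppression reason recorded. The point of keeping `reasons` on every record is that auto-closed alerts stay auditable, which is what makes a triage rule safe to tune later.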
Challenges
Automating cybersecurity sounds like an easy win, but it’s a daunting prospect. 97% report having trouble deploying automation initiatives. According to respondents, technology issues are the biggest obstacle, with 21% saying technology issues are hindering automation. This can be due to the complexity of managing different tech stacks across the enterprise and dealing with numerous legacy toolsets. Other common barriers include lack of skills and lack of management buy-in.
When measuring automation maturity, the report found that the majority (62%) rated it at level 2 or 3 on a scale of 1 to 5. These organizations may not yet have security operations centers (SOCs) or security information and event management tools (SIEMs) in place, the report suggests.
Another headache is determining the return on investment for security automation projects. According to the report, companies cannot quantitatively measure success here. They tend to rely on qualitative measurements, such as how resources are managed or staff effectiveness. The recent SANS Cyber Threat Intelligence (CTI) survey likewise found that respondents struggled to measure the effectiveness of their CTI programs. Whenever possible, quantitative measurements are more objective and preferred for assessing the ROI of new solutions.
Sector Context
When it comes to drivers of cybersecurity automation, increasing efficiency and addressing skills shortages rank high overall. However, these drivers differ depending on the sector they belong to. For example, within government, most security automation initiatives are driven by regulation and compliance. Financial services firms are also most likely to see cybersecurity automation as important (75%). This makes sense as financial services face the most threats as they hold highly valuable payment data and personally identifiable information.
Interestingly, the perceived importance of cybersecurity automation has dropped significantly in the retail sector, from 82% in 2021 to just 50% this year. These shifts may reflect shifting priorities amid economic uncertainty. “Now the landscape has changed. Retailers face the prospect of recession and austerity, leaving less room for new investments in automation,” claims the report.
Final Thoughts
So, with all this information, how should CISOs and senior cybersecurity leaders respond, and how can security automation be adopted so that it is a help rather than a hindrance?
ThreatQuotient has put forward some high-level recommendations for cybersecurity professionals to consider. Here’s a summary:
- Start with use cases that have proven to show value.
- Align context with relevant, high-priority events.
- Simplify complexity with a low-code/no-code automation platform.
- Adopt a security platform that covers a wide range of automation.
- Define clear metrics and directives to gain executive buy-in.
- Standardize on an open architecture platform.
The 2022 State of Cybersecurity Automation Adoption asked 750 senior cybersecurity professionals from companies employing over 2,000 people in the UK, US and Australia. Above, we’ve highlighted some of the key takeaways from our research. For sector-specific insights and detailed regional and role-based snapshots, a full copy is available here.
