
How can security automation tools keep organizations protected?

Sometimes security teams fall into 'set and forget' habits with security automation. Expert Mike O. Villegas explains how to take advantage of automation while staying secure.

It sometimes seems like security teams rely too heavily on "set and forget" security and don't have enough security professionals to provide human analysis and judgment. What are the risks with security automation in this regard? How can organizations take advantage of security automation, but remain protected?

The purpose of security automation is to facilitate protection, monitoring and identification of assets that would otherwise be impossible to perform manually. The operative word is facilitate -- not set and forget. All software needs to be tailored for the enterprise's unique environment and updated to maintain the level of protection and monitoring required. The key is to find the right balance where maintenance is routine, necessary and sufficient.

Once in place, security automation tools should generate alerts and reporting on anomalies or vulnerabilities for the security team to vet and determine if further follow-up procedures are needed to mitigate or eliminate the threats reported.

No one is immune to attacks, and with new attack vectors introduced daily, it is foolish to believe that a security automation tool needs no further attention. Patches alone warrant some interaction from the security team; otherwise, the tool would only be configured for the attack signatures known at the time of its implementation. Lack of attention would undoubtedly leave the enterprise exposed to unknown vulnerabilities and possible attacks it would otherwise be alerted to.

Some security automation tools require less maintenance than others, but all should be reviewed on a periodic basis. Tools are used to ensure patches to servers and software versions are current, agents are installed and active on target devices, alerts correlate to realistic rules, follow-up procedures are properly monitored, and remediations are timely for high-risk vulnerabilities. All of these require time, research and action on the part of security team members to maintain proper protection and monitoring levels. To believe these security tools run on autopilot is not prudent.
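The periodic review described above can itself be scripted so that neglect shows up as findings for the team to vet. The following is an added example, not code from the article or from any product; the inventory layout, field names, host and rule names, and all thresholds are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Thresholds are assumptions for this example; tune them to your environment.
MAX_SIGNATURE_AGE = timedelta(days=7)
MAX_AGENT_SILENCE = timedelta(hours=24)
MAX_HIGH_RISK_OPEN = timedelta(days=30)
MAX_FALSE_POSITIVE_RATE = 0.9

def review(inv, now):
    """Return (category, subject, detail) findings for the security team to vet."""
    out = []
    for t in inv["tools"]:  # is the tool still on the signatures it shipped with?
        age = now - t["signatures_updated"]
        if age > MAX_SIGNATURE_AGE:
            out.append(("stale_signatures", t["name"], f"{age.days} days old"))
    for a in inv["agents"]:  # is the agent installed and active on the target device?
        if not a["installed"]:
            out.append(("agent_missing", a["host"], "not installed"))
        elif now - a["last_seen"] > MAX_AGENT_SILENCE:
            out.append(("agent_silent", a["host"], f"last seen {a['last_seen']:%Y-%m-%d}"))
    for r in inv["rules"]:  # do alerts correlate to realistic rules?
        if r["alerts"] and r["dismissed"] / r["alerts"] > MAX_FALSE_POSITIVE_RATE:
            out.append(("noisy_rule", r["id"], f"{r['dismissed']}/{r['alerts']} dismissed"))
    for v in inv["vulns"]:  # is remediation timely for high-risk vulnerabilities?
        if v["risk"] == "high" and not v["fixed"] and now - v["opened"] > MAX_HIGH_RISK_OPEN:
            out.append(("overdue_fix", v["id"], f"open {(now - v['opened']).days} days"))
    return out

# Constructed sample inventory (hypothetical names, not from any real product).
NOW = datetime(2016, 9, 30)
SAMPLE = {
    "tools": [{"name": "ids-01", "signatures_updated": datetime(2016, 6, 1)},
              {"name": "av-console", "signatures_updated": datetime(2016, 9, 28)}],
    "agents": [{"host": "web-01", "installed": True, "last_seen": datetime(2016, 9, 30)},
               {"host": "db-02", "installed": True, "last_seen": datetime(2016, 9, 12)},
               {"host": "hr-laptop-7", "installed": False, "last_seen": None}],
    "rules": [{"id": "R-100", "alerts": 200, "dismissed": 198},
              {"id": "R-101", "alerts": 12, "dismissed": 3}],
    "vulns": [{"id": "V-1", "risk": "high", "fixed": False, "opened": datetime(2016, 7, 1)},
              {"id": "V-2", "risk": "low", "fixed": False, "opened": datetime(2016, 1, 1)}],
}

if __name__ == "__main__":
    for finding in review(SAMPLE, NOW):
        print(*finding, sep=" | ")
```

The output is a worklist, not a verdict: each finding still needs a person to decide whether the rule should be retuned, the agent reinstalled or the remediation escalated.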


This was last published in September 2016
