Grafvision - Fotolia
As a security manager, it's my responsibility to try to improve the efficiency of my security team. While security automation is the clear way to free up the team for other tasks, I'm not sure how to do that. What security tasks should be automated, and which tasks should be left for the team to handle manually?
Improving the efficiency of a security team can be challenging. The staff may have skills but they might be insufficient for what the correct level of protection requires. Automation can provide better efficiencies, coverage and effectiveness, but what security tasks can be automated and which should be handled manually?
Before you begin looking for security automation tools, it is important to determine what you need by taking these steps:
- Develop an enterprise-wide security risk assessment. This ensures that all mission-critical systems and their residual risk factors are identified, as well as determines the risk priority so the security team knows where to focus their efforts.
- Create an inventory of existing tools for monitoring and maintaining protection of critical data, applications, servers, networks, users, Web and Internet events.
- Perform a skills inventory that includes the number of staff, certifications, common body of knowledge in cybersecurity and training (e.g., in-house conferences, external training, secure code training and vendor product training).
Several tasks -- because of the volume -- cannot be performed manually. These would include events from intrusion detection systems, Web attacks, antimalware/antivirus, access violations, logon violations and other security metrics captured by log aggregators or SIEMs.
Manual efforts should include monitoring of change tickets for network and server configurations that might affect your information security posture. Embed your staff in the system development process to provide expert advice on information protection. Develop management reporting that include metrics, current events, state of protection based on an industry best practice or security framework, security awareness program, incident response program and compliance testing. These can be aided by security automation, but final results and reporting cannot.
Security automation in its nature allows an enterprise to accomplish more with fewer resources, but don't forget that tools are only as good as those who know how to use them.
Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)
Learn about the benefits of automated malware analysis tools
Find out how to prepare cloud automation tools for an upgrade
Take a closer look at network automation tools
Dig Deeper on Information security program management
Related Q&A from Mike O. Villegas
As ransomware continues to surge, companies are faced with decisions to report the attacks, pay the ransom or both. Experts weigh in on the options ... Continue Reading
A social media security policy is necessary for most enterprises today. Expert Mike O. Villegas discusses what should be included in social media ... Continue Reading
A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises... Continue Reading