
What should security automation do for enterprises?

Letting security automation handle certain tasks can make a security team more efficient. Here's which tasks should be automated and which should be left to the professionals.

As a security manager, it's my responsibility to try to improve the efficiency of my security team. While security automation is the clear way to free up the team for other tasks, I'm not sure how to do that. What security tasks should be automated, and which tasks should be left for the team to handle manually?

Improving the efficiency of a security team can be challenging. The staff may have skills, but those skills might fall short of what the required level of protection demands. Automation can provide better efficiency, coverage and effectiveness, but which security tasks can be automated, and which should be handled manually?

Before you begin looking for security automation tools, it is important to determine what you need by taking these steps:

  • Develop an enterprise-wide security risk assessment. This ensures that all mission-critical systems and their residual risk factors are identified, and it establishes a risk priority so the security team knows where to focus its efforts.
  • Create an inventory of existing tools for monitoring and maintaining protection of critical data, applications, servers, networks, users, Web and Internet events.
  • Perform a skills inventory that includes the number of staff, certifications, common body of knowledge in cybersecurity and training (e.g., in-house conferences, external training, secure code training and vendor product training).

Several tasks -- because of their sheer volume -- cannot be performed manually. These include events from intrusion detection systems, Web attacks, antimalware/antivirus, access violations, logon violations and other security metrics captured by log aggregators or SIEMs.

Manual efforts should include monitoring of change tickets for network and server configurations that might affect your information security posture. Embed your staff in the system development process to provide expert advice on information protection. Develop management reporting that includes metrics, current events, the state of protection measured against an industry best practice or security framework, the security awareness program, the incident response program and compliance testing. These can be aided by security automation, but the final results and reporting cannot.

Security automation, by its nature, allows an enterprise to accomplish more with fewer resources, but don't forget that tools are only as good as those who know how to use them.


This was last published in January 2016
