Faced by increasingly sophisticated threats, organizations are realizing the benefits of automation in their cybersecurity programs.
Automation, artificial intelligence (AI), and machine learning (ML) are rapidly transforming nearly every industry, and cyber security is no exception. Automation in cyber security is growing so fast that analyst firm Gartner predicts that by 2021 a full 70% of enterprise organizations with a dedicated security operations center (SOC) will have security orchestration, automation, and response (SOAR) capabilities. That growth is remarkable given that less than 5% had these capabilities as recently as 2018.
Automation always raises concerns about people's livelihoods, but cyber security professionals shouldn't worry about automation making their jobs obsolete. On the contrary, automation, AI, and ML will bring tremendous benefits to SOCs, helping alleviate the growing global cyber security skills shortage and enabling the industry to improve threat-hunting capabilities and response times.
Cyber Criminals Are Already Using Automation
The challenge today is that our adversaries have widely embraced automation. Hackers have realized that they don't just need scale, they need speed, and automation lets them launch sophisticated, fully automated attacks that spread malicious code fast. Using automation, cyber criminals can quickly and easily spread malware strains that hide within an organization's network, looking for vulnerabilities and automatically executing commands when they find them. Cyber criminals even use automation to make their spear-phishing campaigns more convincing, leveraging AI algorithms to impersonate targeted individuals in email conversations and trick their co-workers into disclosing sensitive information.
With automation, under-resourced SOCs can more quickly analyze vast data sets to look for patterns and anomalies that may indicate a breach, triage and prioritize alerts, and automate response measures. Automating the more minute, time-consuming tasks that are heavy in data analysis enables SOC analysts to spend their time on the more meaningful activities that require higher-level thinking and decision-making.
In addition to enhancing threat hunting, automation enables us to speed up response and remediation while also giving SOC analysts greater flexibility in how they respond.