Page 106 - Cyber Defense eMagazine for September 2020
Instead of trying to manually sift through and parse data, security teams can deploy automation to
correlate data from across multiple sources, and separate relevant alerts from irrelevant data and false
positives. This can help security teams make better decisions and remove the blind spots that are barriers
to decision-making. By using automation to organize data, teams gain context around workflows and gain
the background for choosing which plays to run against which events.
Final Thoughts
Many automation and orchestration solutions are not intended for companies just starting out down the
automation path. They require customers to develop and maintain code in order to create plays and
playbooks, rather than allowing them to focus on which playbooks to run, and when. Furthermore, they tend
to focus on the automation of response rather than looking holistically at the security lifecycle, from detection
and investigation through remediation and even threat hunting.
It is important for businesses to explore any opportunities to improve efficiencies, particularly as security
budgets decrease going into 2021 to account for economic uncertainty. By thinking both broadly and
practically about the role of automation, enterprises can make their teams' efforts to keep their
environment secure both more efficient and more effective.
About the Author
Joe Partlow is the CTO of ReliaQuest, a leader in enterprise
cybersecurity, where he oversees all new research and development
efforts and new product initiatives. Joe has been involved with infosec
in some role for over 20 years, mostly on the defensive side, but
always impressed by offensive tactics. Current projects and interests
include data analytics at scale, forensics, threats, security metrics &
automation, red/purple teaming and artificial intelligence.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.

