As cyber attacks continue to proliferate on a worldwide basis, what can businesses and enterprises do to combat the risk of cyber intrusions? A new report (“The Challenge of Building the Right Security Automation Architecture”) from Juniper Networks and the Ponemon Institute provides an answer to that question. Given the IT skills gap and the dearth of cybersecurity pros in the marketplace today, the report suggests that one potential solution is security automation.
The problem of not enough cybersecurity pros
Without a question, companies and enterprises have to become smarter about the way they combat cyber crime and other coordinated cyber threats. The old approach – simply trying to hire as many cybersecurity pros as possible and then hoping for the best – no longer seems to be working. For one, there simply aren’t enough of these cybersecurity pros to go around. A staggering 57% of respondents interviewed for the Juniper-Ponemon report said that they have difficulty attracting, hiring and recruiting cybersecurity pros.
And it’s not just that companies are having a hard time recruiting new talent – even the talent that currently exists is not up to the task of battling cyber thieves. As the report points out, only one-third (35%) of companies feel that they have the right in-house expertise to battle cyber thieves. Thus, it is increasingly the case that companies are fighting amongst themselves to attract a limited number of cybersecurity pros, as a result of all the competition in the marketplace.
Moreover, as the Juniper reports makes abundantly clear, today’s cybersecurity pros are overworked, spending all of their time on routine, mundane tasks rather than focusing on higher-level threat intelligence analysis. On average, these cybersecurity pros are bogged down for more than 2 hours a day following up on alerts, responding to incidents and updating logs. That’s a huge drain on manpower, and one big reason why companies are looking for a way out of this impasse caused by the shortage of security professionals.
Security automation as a solution
Thus, it’s perhaps no surprise that security automation and orchestration is being viewed as something of a godsend by tens of thousands of corporations around the world. Simply put, if it’s not possible to find enough human cybersecurity pros, it might just be possible to find a security automation and orchestration platform that can cover many of the same functions. That, in short, is one great allure of security automation – the ability to address many of the security threats that they are currently facing without the need to go on a massive hiring spree for new cybersecurity pros.
As the Juniper report highlights, new security automation tools are viewed primarily as a productivity tool. For example, 64% of respondents said that the top benefit of security automation was boosting the productivity of existing cybersecurity pros. These new security systems would speed up response times and ensure that they weren’t just following up on minor cyber threats. As Amy James, Director of Security Portfolio Marketing at Juniper Networks, points out, “It is not surprising that productivity is the most important given it is hands down the most acute pain point that we hear about.”
One way to boost this productivity is simply streamlining the approach to dealing with security threats. Security automation tools can help to ensure that only the highest-risk events are flagged for review by security personnel. Everything else can be taken care of automatically. Moreover, security automation tools can help to significantly reduce the number of false positives, or the number of security incidents that seem to be much ado about nothing.
How, when and where to automate?
On the surface, of course, security automation seems like a panacea to the problem facing organizations around the world, all of them trying to come to grips with security weaknesses while simultaneously trying to minimize the amount of human intervention required. However, the Juniper report suggests that there are a number of pros and cons that need to be considered when it comes to automation.