IT automation has become an increasingly critical tool used by enterprises around the world to strengthen their security posture and mitigate the cybersecurity skills shortage. But most organizations don’t know how, when or where to automate effectively, as noted in a recent report by Juniper Networks and the Ponemon Institute.
According to “The Challenge of Building the Right Security Automation Architecture,” only 35 percent of organizations have employees on hand who are experienced enough to respond to threats using automation. The majority of organizations (71 percent) ranked integrating disparate security technologies as the primary obstacle they have yet to overcome as they work toward an effective security automation architecture.
The report pointed out that the U.S. government is likely to struggle with IT automation as well, but there is much that it can learn from the private sector to help streamline the process.
How Hard Can IT Automation Be?
According to the study’s findings, enterprises are struggling to implement automation tools because of the lack of expertise currently available.
Juniper’s head of threat research, Mounir Hahad, and its head of federal strategy, David Mihelcic, said the U.S. government will “definitely struggle with automation as much, if not more than the private sector.”
About half (54 percent) of the survey’s respondents reported that detecting and responding to threats is made easier with automation technologies. Of the 1,859 IT and IT security practitioners in the U.S., the U.K., Germany and France, 64 percent found a correlation between automation and the increased productivity of security personnel.
Be Cautiously Optimistic
Indeed, there is good news for government security teams. Technology Modernization Fund (TMF) awards are now available as an initiative of the Modernizing Government Technology Act (MGT). The Departments of Energy, Agriculture, and Housing and Urban Development were the first three agencies to receive a combined total of $45 million in TMFs, according to FedScoop.
More government agencies will likely apply for some of the $55 million that remains available for 2018. While there’s a strong likelihood that agencies will continue to invest in automation with some portion of these funds, Juniper Networks warned that they shouldn’t expect an easy deployment.
“The cybercrime landscape is incredibly vast, organized and automated — cybercriminals have deep pockets and no rules, so they set the bar,” said Amy James, director of security portfolio marketing at Juniper Networks, in a press release. “Organizations need to level the playing field. You simply cannot have manual security solutions and expect to successfully battle cybercriminals, much less get ahead of their next moves. Automation is crucial.”
With so many IT teams unable to recruit sufficient talent to implement automation tools, David “Moose” Wolpoff, chief technology officer (CTO) and co-founder of Randori, questioned why organizations are considering them as part of their security infrastructure in the first place.
“Based on [Juniper’s] findings, I get the impression that government entities may be feeling the same way, buying a bunch of automation tools without knowing quite how or why they are going to use them,” Wolpoff said.
Organizations that dive headfirst into implementing automation, whether government entities or not, will likely run into problems if they fail to plan with business objectives in mind.
“Automation isn’t a solution, it’s a force-multiplier,” explained Wolpoff. “If it’s not enabling your objectives, then you’re just adding a useless tool to your toolbox. My advice to government security teams planning to implement automation would be to sit down with leadership to discuss not only what you want to gain from automation, but where automation makes sense and what it will take to successfully implement.”
Three Tips to Deploy Automation Thoughtfully
Given the need for interoperability within and across the sundry components of different agencies, many conversations about automation will likely result in a green light for implementation. If that’s the case, Hahad offered these three steps security teams can take to overcome IT obstacles.
1. Start With Basic Tasks
Security teams should start by automating administrative tasks before implementing more advanced processes such as event-driven automation once IT departments gain experience.
Too often, organizations bite off more than they can chew when it comes to implementing automation tools, by either misdeploying them or deploying more than they can fully take advantage of. This will only further complicate processes.
2. Collaborate Across Agencies
Replacing legacy systems and deploying automation tools will require much closer collaboration across teams and agencies to identify which framework and architecture they should adopt. A lack of coordination will result in a patchwork of architectures, vendors and tools, which could produce significant gaps and redundancies.
3. Fully Embrace Automation
IT teams are traditionally hesitant to remove the human element from processes, fearing the system will block something critical and cause more problems. If an agency invests in automating its security tools, it should automate across the security processes — from detection and alerting to incident response. The more tasks automation can manage, the more teams will be empowered to complete higher-level work.
It’s important to identify the additional capabilities that don’t require a lot of heavy lifting but will result in saving both time and money. You can avoid unnecessary additional costs that will delay deployment by talking with other agencies that have gone through a similar process.
Depending on how deeply automated those organizations are, it may be appropriate to share experiences to streamline deployments. In the end, streamlining and simplifying programs for every team is the ultimate goal of automation.