IT automation has become an increasingly critical tool used by enterprises around the world to strengthen their security posture and mitigate the cybersecurity skills shortage. But most organizations don’t know how, when or where to automate effectively, as noted in a recent report by Juniper Networks and the Ponemon Institute.

According to “The Challenge of Building the Right Security Automation Architecture,” only 35 percent of organizations have employees on hand who are experienced enough to respond to threats using automation. The majority of organizations (71 percent) ranked integrating disparate security technologies as the primary obstacle they have yet to overcome as they work toward an effective security automation architecture.

The report pointed out that the U.S. government is likely to struggle with IT automation as well, but there is much that it can learn from the private sector to help streamline the process.

How Hard Can IT Automation Be?

According to the study’s findings, enterprises are struggling to implement automation tools because of the lack of expertise currently available.

Juniper’s head of threat research, Mounir Hahad, and its head of federal strategy, David Mihelcic, said the U.S. government will “definitely struggle with automation as much, if not more than the private sector.”

About half (54 percent) of the survey’s respondents reported that detecting and responding to threats is made easier with automation technologies. Of the 1,859 IT and IT security practitioners in the U.S., the U.K., Germany and France, 64 percent found a correlation between automation and the increased productivity of security personnel.

Be Cautiously Optimistic

Indeed, there is good news for government security teams. Technology Modernization Fund (TMF) awards are now available as an initiative of the Modernizing Government Technology Act (MGT). The Departments of Energy, Agriculture, and Housing and Urban Development were the first three agencies to receive a combined total of $45 million in TMFs, according to FedScoop.

More government agencies will likely apply for some of the $55 million that remains available for 2018. While there’s a strong likelihood that agencies will continue to invest in automation with some portion of these funds, Juniper Networks warned that they shouldn’t expect an easy deployment.

“The cybercrime landscape is incredibly vast, organized and automated — cybercriminals have deep pockets and no rules, so they set the bar,” said Amy James, director of security portfolio marketing at Juniper Networks, in a press release. “Organizations need to level the playing field. You simply cannot have manual security solutions and expect to successfully battle cybercriminals, much less get ahead of their next moves. Automation is crucial.”

Why Automate?

With so many IT teams unable to recruit sufficient talent to implement automation tools, David “Moose” Wolpoff, chief technology officer (CTO) and co-founder of Randori, questioned why organizations are considering them as part of their security infrastructure in the first place.

“Based on [Juniper’s] findings, I get the impression that government entities may be feeling the same way, buying a bunch of automation tools without knowing quite how or why they are going to use them,” Wolpoff said.

Organizations that dive headfirst into implementing automation, whether government entities or not, will likely run into problems if they fail to plan with business objectives in mind.

“Automation isn’t a solution, it’s a force-multiplier,” explained Wolpoff. “If it’s not enabling your objectives, then you’re just adding a useless tool to your toolbox. My advice to government security teams planning to implement automation would be to sit down with leadership to discuss not only what you want to gain from automation, but where automation makes sense and what it will take to successfully implement.”

Three Tips to Deploy Automation Thoughtfully

Given the need for interoperability within and across the sundry components of different agencies, many conversations about automation will likely result in a green light for implementation. If that’s the case, Hahad offered these three steps security teams can take to overcome IT obstacles.

1. Start With Basic Tasks

Security teams should start by automating administrative tasks before implementing more advanced processes such as event-driven automation once IT departments gain experience.

Too often, organizations bite off more than they can chew when it comes to implementing automation tools, by either misdeploying them or deploying more than they can fully take advantage of. This will only further complicate processes.

2. Collaborate Across Agencies

Replacing legacy systems and deploying automation tools will require much closer collaboration across teams and agencies to identify which framework and architecture they should adopt. A lack of coordination will result in a patchwork of architectures, vendors and tools, which could produce significant gaps and redundancies.

3. Fully Embrace Automation

IT teams are traditionally hesitant to remove the human element from processes, fearing the system will block something critical and cause more problems. If an agency invests in automating its security tools, it should automate across the security processes — from detection and alerting to incident response. The more tasks automation can manage, the more teams will be empowered to complete higher-level work.

It’s important to identify the additional capabilities that don’t require a lot of heavy lifting but will result in saving both time and money. You can avoid unnecessary additional costs that will delay deployment by talking with other agencies that have gone through a similar process.

Depending on how deeply automated those organizations are, it may be appropriate to share experiences to streamline deployments. In the end, streamlining and simplifying programs for every team is the ultimate goal of automation.

More from Intelligence & Analytics

The 13 Costliest Cyberattacks of 2022: Looking Back

2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets alike. While organizations may choose not to disclose the costs associated with a cyberattack, the loss of consumer trust will always be a risk after any significant attack. Let’s look at the 13 costliest cyberattacks of the past year and…

What Can We Learn From Recent Cyber History?

The Center for Strategic and International Studies compiled a list of significant cyber incidents dating back to 2003. Compiling attacks on government agencies, defense and high-tech companies or economic crimes with losses of more than a million dollars, this list reveals broader trends in cybersecurity for the past two decades. And, of course, there are the headline breaches and supply chain attacks to consider. Over recent years, what lessons can we learn from our recent history — and what projections…

When Logs Are Out, Enhanced Analytics Stay In

I was talking to an analyst firm the other day. They told me that a lot of organizations purchase a security information and event management (SIEM) solution and then “place it on the shelf.” “Why would they do that?” I asked. I spent the majority of my career in hardware — enterprise hardware, cloud hardware, and just recently made the jump to security software, hence my question. “Because SIEMs are hard to use. A SIEM purchase is just a checked…

4 Most Common Cyberattack Patterns from 2022

As 2022 comes to an end, cybersecurity teams globally are taking the opportunity to reflect on the past 12 months and draw whatever conclusions and insights they can about the threat landscape. It has been a challenging year for security teams. A major conflict in Europe, a persistently remote workforce and a series of large-scale cyberattacks have all but guaranteed that 2022 was far from uneventful. In this article, we’ll round up some of the most common cyberattack patterns we…