Anyone who has spent time on repetitive, manual tasks understands how tedious and cumbersome this work can be and how errors are commonplace. If only machines could do this work for us. This is the promise of automation: the application of technology, programs, robotics or processes to achieve outcomes with minimal human input.

Automation makes formerly arduous, time-intensive processes complete in a fraction of the time, revolutionizing entire industries. One of the best-known examples was the introduction of spreadsheets, which replaced manual bookkeeping and fundamentally changed the nature of the accounting industry worldwide. Likewise, approximately three-fourths of current trading on the U.S. stock market is done through automation.

For years, security veterans feared the automation “cure” could be worse than the disease, simply making mistakes more quickly or otherwise yielding unintended consequences. It was only a matter of time until the technology matured to the point that its benefits became undeniable. This is perhaps most notably shown by the adoption of Security Orchestration, Automation and Response (SOAR) platforms, which improve response times, address the security skills gap, and reduce complexity.

Adoption to date has already driven significant improvements. In a recent study by the Ponemon Institute, automation stood out as a differentiator for companies with high cyber resilience. In fact, 55% of high performers in the study stated their cyber resilience improved due to the implementation of automation tools, compared to 37% of other organizations.

Here, we examine the hype around automation and share some common automation pitfalls to help you avoid them.

Realities of Automation

Given the promise of automation, it is tempting to dive headfirst into solving an initial use case (like phishing) without considering broader people, process and technology considerations. The downside to jumping into the deep end can range from architectural mistakes that are expensive to undo, to unintended consequences from executing ill-informed actions.

Automation benefits may be proven and widespread, but there are several realities to know, such as:

Automation takes time. Automation is not an easy fix that happens overnight by deploying some software. Rather, automation requires an investment in time and resources in order to maximize its benefits. One of the most important prerequisites of automation for any organization is understanding its processes, which are usually more complex and unique than they seem. A clear view of the current state is needed in order to identify processes and tasks to automate. Yet, it is not always attainable. According to the Ponemon Cyber Resilient Organization study, only 40% of organizations use attack-specific playbooks, which outline the step-by-step response to specific attacks like malware or phishing.

Out-of-the-box playbooks are typically generic, requiring time and skill to be customized to a company’s unique standard operating procedures. This may require new skills, such as business process expertise to help define process flows or Python coding skills to tune an integration. The most successful automation projects are journeys. Organizations crawl, walk and run their way to continuous improvement.

Automation is not free. A common notion exists that automation is “free.” This can be misinterpreted given the ease with which third-party security and IT tool integrations can be downloaded and installed. The truth, however, is these integrations typically require customization to be effective given the uniqueness of an organization’s IT environment. In its report “Make Sure Your Organization Is Mature Enough for SOAR,” Gartner observed that “it is a fallacy to believe that automation-based vendor products can work effectively without customization.”

Even “free” customizations to address this reality have a shelf life. Sooner or later they break because the tool they integrate with changes, something else in the infrastructure changes, processes need to be updated, or any number of other reasons given all the moving parts.

Automation won’t eliminate people. Very few use cases can be automated end-to-end without human intervention. At some point, people typically provide interpretation and analysis of the best course of action. For example, in a ransomware incident, people should validate the presence of backups and determine if paying the ransom is an option. In other cases, you simply want to document approvals before taking certain actions.

In addition, automation of manual tasks helps to free up security analysts to focus on higher value activities. For example, many of the initial steps can be completed automatically during incident investigation. These steps give the security analyst valuable insight from the moment they first start working on the incident and help inform the next step.

Automation is just one piece of SOAR

Used effectively, automation can be an incredibly powerful tool in accelerating incident response. However, it is important to keep in mind that automation is just the “A” in SOAR.

In our next article, we’ll talk about how to leverage automation as part of a broader SOAR strategy that can not only drive new levels of efficiency but actually transform security’s relationship to the organization.

To learn more about automation and the journey to SOAR, join the upcoming webinar “SOAR Automation – How does it really work?” at 11 am (EDT) August 25, 2020. Listen as the experts and I discuss automation in more detail.
