A Cost-Efficient Approach to Security Automation

Technology is bringing efficiencies to businesses at an accelerated pace; securing that technology can seem like a daunting challenge. With the mounting number of alerts and false positives, sifting through the data can cost more work hours than many organizations have to spare. How can you use the promising power of automation in a way that doesn’t push your organization’s spending into the red?

Automation is the process of transforming a job or task that a person performs into a programmatic action a computer carries out with little or no supervision. These tasks can vary in complexity, from sending a text message when your pizza arrives, to orchestrating the assembly of a car, or maneuvering a cargo ship with precise accuracy. In each case, a bet is made that it can be done better, faster, or cheaper without direct human interaction.

Currently, implementations primarily leverage tailored security automation technology deployed alongside an existing security stack. This approach could be seen as short-sighted for a couple of reasons: (1) the cost of a security-only technology, deployed on traditional server infrastructure creates challenges for a business case made on the idea of efficacy and cost reduction and (2) the needs of security automation are not unique enough to require an implementation that is wholly different. Just as the security information and event management technology category has seen a shift from security-specific implementations to cross-functional tooling.

Historically, automation within cybersecurity centered on automatically blocking threats at the firewall. Though the industry has evolved past this narrow paradigm, automation in security still follows the same workflow process. First, you have a triggering event, which could be a new indicator of compromise or an output from conducting some type of security analysis. Second, you have a well-defined process, usually called a playbook, that orchestrates individual actions. These actions vary depending on the triggering event and how your playbook is set up, but they should further the automation process. Finally, an audit trail describes the task that was just undertaken. 

Let’s pause here to review our list: triggers, playbooks, actions, and auditing. Nothing stands out as necessarily cybersecurity specific. Given this, if automation already exists in a meaningful way in other parts of your organization, are there existing tools that your security team could use to meet your automation requirements without adding the cost and overhead of an entirely new technology? 

Many approaches are used to create a security automation capability at low or no additional cost—the one focused on here involves integrating your automation approach with your cloud environment. Since most organizations have extended their IT boundary by moving into a cloud or hybrid cloud model with one or more cloud service providers (CSP), this is a great place to start looking at existing tools to explore a low-cost approach to automation.

Many organizations already have a trusted relationship with a CSP, including routing between the CSP resources and on-premise resources. With proper configuration, you can leverage your CSP’s software as a service as a method of creating a security automation capability that relies only on those services. Services have the advantage of vendor-assured high availability and require no customer-supported infrastructure or software to maintain. By just removing the licensing, infrastructure, and operational support cost, there could be a savings of hundreds of thousands or millions of dollars annually.

Using your current relationship with your trusted CSP is just one of many areas where organizations can leverage existing enterprise tools and vendor relationships to rethink how they approach automating security functions. The resulting capability from the CSP example is cross-functional, employing minimal or no net-new static infrastructure. The benefit for you, when compared to security-specific automation technologies, is a drastic reduction in capital expenditure and maintenance cost.

Rather than incurring the high costs of buying or developing more security automation solutions, you can find ways to use existing technologies and services within your organization to help automate your security functions. Utilizing a different approach to security automation can help you leverage its power strategically, so you can focus on what’s important, your business.