In football, planning every move down to the smallest details is everything. Any coach worth his or her salt has a playbook of strategies and every move, as impulsive as it may seem, has been carefully calculated with perfect “If this, then that” precision, before it ever took place. Yet, although every play has been pre-charted, effective execution relies on the adaptability of players in the moment and a keen understanding of the adjustments that need to be made “in game”.
When it comes to the security of corporate data, it’s not all that different from football. In order to be ready for anything that comes your way, all aspects need to be planned and mapped out beforehand, automated with a predetermined course of action – in the vernacular, “IFTTT”. This security playbook is called automation and it’s an imperative part of keeping all parts of a security operation workflow moving together in precise and accurate motion.
Automation: It’s not all or nothing
In the complex corporate security environment, automation is increasingly the “go-to” answer for organizations lost in a sea of alerts, logs and data. For many, it’s the only way to address their most critical processes and it’s what keeps them moving from task to task in a fluid manner. But there is a danger in putting too much faith into automation and orchestration alone. Organizations often turn to automation looking for a technological cure-all for their security woes, but while they are very good at what they do (at least theoretically), many security professionals are wary of handing off their most critical processes to a black box that cannot make up for the human intellect element.
Machines are not people and as such, do not waiver from their predetermined playbooks, sometimes to the detriment of the goal at hand – that of keeping corporate data secure. As Gartner security analyst Anton Chuvakin points out. “There is – at this stage of security technology development, at least – GOOD AUTOMATION and EVIL AUTOMATION. Longer term, we will certainly see more automation and more domains of information security (cybersecurity, if you have to) covered by automation, BUT I’d be willing to bet anything that the profession of a security analyst will never be full automated.”1
Comments
Post a Comment