With the global cybersecurity skills shortage hanging over them, CISOs are turning to security automation and orchestration technologies to improve staff productivity. This is happening faster and wider than most people realize.
According to ESG research, 19 percent of enterprise organizations have already deployed technologies for security automation and orchestration extensively, 39 percent have done so on a limited basis, and 26 percent are engaged in a project to automate/orchestrate security operations.
Why are folks doing this? ESG asked 412 cybersecurity and IT professionals to identify their organization’s priorities for security automation and orchestration. The top selections were as follows:
· 35 percent want to use security automation/orchestration technology to integrate external threat intelligence with internal security data collection and analysis. It’s natural to query these two sources as part of security investigations, but this was always a manual process in the past. The data suggests that organizations want to use security automation/orchestration tools to do the heavy lifting, streamlining the investigations workflow.
· 30 percent want to use security automation/orchestration technology to add functionality on top of existing tools. Typically, this functionality is centered on orchestrating workflows as part of things like security investigations, incident response, or remediation tasks.
· 29 percent want to use security automation/orchestration technology to automate basic remediation tasks. Things like automatically generating new firewall rules upon receiving a list of IoCs.