A lack of automation in cybersecurity controls is leading to increased breaches and other incidents—which in turn is prepping the way for a big spike in automation investment.
According to AlgoSec’s State of Automation in Security survey, 20% of organizations had a security breach, 48% had an application outage and 42% a network outage in the last year resulting from errors during manual security-related processes.
This is all leading to an awareness that manual processes can’t keep up with the accelerating threat landscape: 80% of respondents believe that automation will increase the overall security posture of their organizations, while 75% think it will improve application availability, reduce errors and enable them to process security policy changes faster. And as a result, 83% of organizations stated that the use of automation for managing security processes needs to increase over the next three years.
In a recent report, Gartner analyst Lawrence Pingree noted that “In the past, security professionals have been fearful and skeptical of automation. This, however, is changing, because organizations are acknowledging that a human response cannot react fast enough, which is compounded by the fact that there are not enough security practitioners in end-user organizations to perform manual human responses to threats.”
Overall, the growing number of cyber threats, time spent performing security changes manually, and cloud and SDN projects were the top motivations for automation.
Implementing automation is so far a nascent activity: Only 15% of respondents reported that their security processes were highly automated. Over 52% had some automation in place but felt that it was not enough, and 33% said they had little to no automation. Concerns about accuracy, and the resources required to implement automation solutions, as well as difficulty driving organizational changes, are inhibiting its proliferation.
“Despite the increased focus and resources devoted to cybersecurity, security processes remain highly manual, with security engineers spending valuable time ‘keeping the lights on’ instead of focusing on business transformation initiatives,” said Nimmy Reichenberg, vice president of marketing and strategy at AlgoSec. “The survey findings show that respondents believe that automation can alleviate some of the pressures on security professionals, allowing for improved agility and security. Yet, for automation to be truly effective, it must be a top down initiative, driven by senior executives, in order to ensure a uniform, structured and realistic approach to its implementation across the organization.”
Photo © Praphan Kampala