#GartnerSEC: How to Make Automation Decisions for Security

Written by

The topic of the ability to use automation techniques, and make decisions based on risk and security that are suitable for your business, opened the annual European Gartner Security and Risk Management Summit.

In a keynote address, Gartner analysts Nader Henein, David Mahdi and Katell Thielemann talked of the firms new “Automation Continuum” linear scale, which Thielemann, a VP analyst, said would help “apply automation choices.”

Opening the keynote, she said that one word to describe global forces is “uncertainty” in geo-politics, economics and business models. 

She added that “just as automation is at the heart of digital transformation,” it should be at the center of security and risk management, as it can enable access to a wide spectrum of capabilities.

Senior director analyst David Mahdi said that “automation is not binary” and security professionals should look for “augmented security” as this leverages machine learning to support decisions and take actions. “It involves humans and machines working together to improve security decision making,” he argued.

Mahdi also said that the concept of Security Orchestration, Automation and Response is “gaining traction in the market” but the “reality is products don’t have enterprise grade APIs” so he called on delegates to demand this going forward, “and unlock the opportunity as we move toward integrated automation.”

He also acknowledged the risks in automation, such as if a misconfiguration in cloud could be replicated “adding a nightmare for you and a goldmine for attackers.”

Nader Henein, senior director analyst, concluded by saying that Gartner “sees hundreds of examples where the Automation Continuum can be used to make decisions,” and that automation is especially prevalent in DevSecOps.

Thielemann said that there are “downsides of hype versus reality” and that is why it is important to make good decisions on automation and the Continuum can help.”

What’s hot on Infosecurity Magazine?