A typical FTSE 100 or Fortune 500 company has a vast and complex set of cybersecurity defenses in place, managed by multiple security operations teams spread across different business units and different geographies. A great deal of effort is put into securing an enterprise organization.
Yet, despite the high level of diligence and preparation, security teams still lack a common framework and a common language that they can use to share designs, processes and ideas.
Such a framework can be built by introducing automated workflows and processes based on a universal programmable language. However, the language must be accessible to all. It must be easy to understand and easy to write, so that information can be documented and shared among security professionals with different domain expertise.
It should also support a completely unbiased approach, rather than a closed, proprietary system, which would upset the delicate balance of the complex security ecosystems already in place in large organizations. Finally, the system needs to be modular by design so that it can accommodate the vast, and growing, number of cybersecurity tools that large enterprises amass over time.
IT and network operations teams have been using automated systems for some time. This is encouraging a culture of collaboration between different IT stakeholders. However, it’s an ongoing process and IT teams are always looking for the right combination of tools to support a comprehensive automation program.
With security becoming more tightly integrated with the IT department, security operations teams, which operate on different protocols, now have an opportunity to embrace automation.
In recent years we’ve seen the posts of CIO and CTO elevated to boardroom level, with senior figures in IT now influencing corporate strategy. Due to a heightened awareness of cybersecurity, it won’t be long before the board looks to CSO and CISO executives for strategic direction.
If security executives are having conversations at the highest level of an organization, why shouldn’t security teams be having conversations across the entire business? With the right elements in place (a universal language, an unbiased system and a modular design) it is possible to support a set of automated workflows and processes that will unify security operations.
However, security isn’t a single entity; it is made up of different elements such as endpoint, network and data security. Managing a sprawling mass of people, processes and applications can be a daunting prospect without automated workflows in place.
Security automation offers an elegant solution to all of this by uniting the different security practices together using a set of automated workflows. This breaks down barriers and allows security professionals to provide colleagues with access to systems and applications. Security professionals can communicate with each other via automated scripts that contain explicit instructions on how to address specific tasks.
A system owner can provide as much access as is required to support wider enterprise security initiatives, safe in the knowledge that their systems will not be compromised or their authority undermined. However, without a common language in place, teams are faced with impenetrable code and terminology that only a developer can understand.
With a common language in place, security operations managers gain greater visibility across the entire security function, while the teams themselves can interact, learn more about each other’s responsibilities, develop better relationships and share accountability. Any reluctance in the past to share accountability was born out of security being a very siloed practice rather than a lack of trust.
There are several different frameworks organizations can choose from, but it would be preferable if the automated system were based on open standards. The system would then be unbiased by virtue of its design. This enables security operations to develop structured workflows that can be integrated into existing SOAR platforms and SIEM applications, helping to bolster capabilities.
An effective and open security automation framework connects disparate systems from across the enterprise through automated workflows, meaning that security professionals can design and build code that can be executed to drive new processes and reduce human error. As a result, security operations teams can perform a series of actions across different products and solutions much faster.
Automation enables security operations to foster a spirit of openness and collaboration. However, real change is also dependent on the human factor and the ability of once disparate teams to get around a table to discuss how they can work together to achieve common goals.