HOME
NEWS

Five Reasons Enterprises Aren't Getting the Most Out of Security Automation


By VARINDIA - 2018-07-18
Five Reasons Enterprises Aren't Getting the Most Out of Security Automation

Automation is enterprise cybersecurity's biggest buzzword as organizations seek to keep pace with a threat landscape that grows more frenetic by the hour. But as automation spending skyrockets, many enterprises are finding that they're not getting the most out of their investment. A new study uncovered that even as security experts are eager to reap the rewards of security automation deployments, there are a number of serious obstacles that must be addressed first.

 

The number one benefit organizations see out of automation-named by 64% of those surveyed for the study--is the increased productivity that they believe it squeezes out of IT security staffers. Number two was cited by 60% of respondents, who believe that automated correlation of threat behavior helps them address today's increased volume of threats. As a result, organizations are pouring money by the bucketful into automation and orchestration tools, hoping to make their employees more efficient and shorten the time it takes for them to detect and respond to incidents. According to one analyst estimate, the size of the security orchestration market alone will double in the next three years to become a $1.6 B play within the broader security market.

 

The trouble is that simply inserting your coin into the automated machine doesn't guarantee it's going to work the way you want it. Enterprises are running into five major issues in their bid to streamline security through automation, machine learning, artificial intelligence and orchestration.

 

Automation Blocker 1: Integration is Harder than they Think

 

Many security organizations today are struggling with automation due to integration issues on two fronts. First of all, they're having a hard time meshing security automation tools with legacy systems and architectures. Nearly two in three organizations say it is difficult integrating security automation technologies with existing IT systems. Not only that, but security teams are also straining to integrate numerous security automation tools into a cohesive security stack. Approximately 71% of respondents pointed to the inability to integrate disparate security tools as their top challenge in building an effective automated security architecture.

 

Automation Blocker 2: Vendor Sprawl is Killing Them

 

One of the reasons that integration is such a bugbear is that the best-of-breed approach is killing security teams with a bad case of security vendor sprawl. Around 59% of respondents reported a need to streamline the number of vendors in their architecture. This has increasingly been a point of contention for CISOs lately. This spring, venture capitalist Ken


Elephant, managing director at Sorenson Capital, estimated that in a straw pool of CISOs from major companies he was seeing an average of 80 security vendors under management.

 

"That may sound like an enviable position; so many vendors providing protection for a company’s business efforts," he wrote in an opinion piece for HelpNetSecurity. "But it signals that there is too much noise in the market. CISOs don’t want to manage 80 products - they want to have a holistic solution involving fewer vendors."

 

This reality was reflected in the Ponemon Study, which showed that as many as 63% of respondents leaned toward a solitary vendor or one single vendor with a few specialized products as their ideal solution for delivering security functionality in an ideal world. The other 37% wished for a mix of best-of-breed products interoperable through functional APIs.

 

Automation Blocker 4: They're Struggling to Scale Automation Across the Enterprise

 

As a corollary to the issue of vendor sprawl, organizations say that they're having a difficult time scaling automated security processes across the organization. With so many different security tools and integration problems, it should hardly be a surprise that 55% of respondents say their top barrier to successfully deploying security automation is their inability to apply controls that span across the enterprise. Nearly on par with that, 49% say another major barrier is the fact that they can't create a unified view of users across the enterprise.

 

This is probably why industry analysts are predicting another big surge of vendor consolidation for the security world in the next couple of years. For example, in its security spending predictions this year IDC says it believes that by 2020 30% of security spending will be on vendors that offer an integrated platform approach to security.

 

"This shift will happen partly because of budget, but mostly because of complexity. Reducing complexity by moving to integrated platforms, whether in the cloud or on-premises, supporting a hybrid environment, also provides the potential for enhanced security as companies will make gains in manageability and automation," says Sean Pike, program vice president for IDC's Security Products and Legal, Risk, and Compliance programs

 

Automation Blocker 3: Complexity Makes it Hard to Pick Processes Perfect for Automation

 

Complexity in security and IT architectures is also making it difficult for organizations to know exactly what they need to automate. Approximately 67% of respondents told researchers that the overall complexity of their organization's security automation is very high. And only 27% said they did a good job accurately identifying the areas in their security infrastructure that automation would create the most value.

 

Automation Blocker 5: There Aren't Enough Smart People to Design and Run Automated Tools

 

A big reason that organizations struggle to identify the right processes to automate is because that is a design issue, and design is the domain of humans-of which smart ones have been in very short supply for security teams lately. The lack of skilled security staff was named by survey respondents as the number one impediment to effective use of security automation today. About 57% said the top barrier to security automation is their inability to recruit knowledgeable or skilled personnel. And 34% said that the amount of staff it take to implement and maintain the tools stands in the way of solid security automation deployments.

 

The fact is that these tools don't install and run themselves. In fact, some of the best security automation tools are far more onerous to implement than traditional security offerings due to the fact that their complex machine learning and artificial intelligence engines require significant tuning and a great deal of expertise to make them work well. On top of that, whatever processes that are left behind because they can't be automated due to their complexity or need for human judgment or action are likely to be those which usually need to be carried out by experienced security operators. This is a problematic obstacle considering that some industry estimates show that within four years we'll be facing shortfall to the tune of 1.8 million cybersecurity professionals.

 

As a result, this study shows that the industry faces a bit of a contradiction when it comes to security automation and the security skills shortage. While many security vendors sell automated tools as a means to overcome this gap in the market of available cybersecurity talent, the depressing truth is that organizations can't automate their way out of good security team building. As Bitdefender Business Insights' own George Hulme described in a piece earlier this year about a different Ponemon study, organizations are actually finding that security automation is exacerbating the skills problem rather than relieve it.

 

In spite of the security skills paradox, organizations aren't going to let that deter them from reaching for the brass ring of security automation. There's too much to gain in other benefits to give up in the face of these challenges. According to this study, 70% of organizations questioned named security automation as very important for their organization's security posture today and 80% rated the importance of security automation as very high in the next two years.

 

Zakir Hussain
Director, BD soft, Country Partner of Bitdefender

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA