Concerns over lack of security automation

Huge demand for security automation driven by the growing number and sophistication of cyber threats, business transformation initiatives, and security change management.

  • Wednesday, 16th March 2016 Posted 8 years ago in by Phil Alsop
AlgoSec has published the results of its “State of Automation in Security” survey. The survey revealed that 83% of organizations want the use of automation to manage security processes to greatly increase over the next three years. 
 
Other key findings from the survey include:
 
·         Lack of automation causes outages and breaches. 20% of organizations experienced a security breach, 48% had an application outage and 42% had a network outage as a result of a misconfiguration caused by a manual security-related process.
 
·         Not enough automation. Only 15% of respondents reported that their security processes were highly automated.  Over 52% had some automation in place but felt that it was not enough, and 33% said they had little to no automation.
 
·         Motivations for automation abound, but so are concerns. The growing number of cyber threats, time spent performing security changes manually, and cloud and SDN projects were the top motivations for automation. However, concerns about accuracy, and the resources required to implement automation solutions, as well as difficulty driving organizational changes are inhibiting their proliferation.
 
·         Automation serves the business. Over 80% of respondents believe that automation will increase the overall security posture of their organizations. 75% of respondents think it will improve application availability, as well as enable them to process security policy changes faster and reduce errors. 75% also feel that automation will reduce audit preparation time and improve compliance. 50% believe that automation will help deal with the IT skills shortage and reliance on experienced security engineers.
 
In a recent report, Gartner analyst Lawrence Pingree noted that “In the past, security professionals have been fearful and skeptical of automation. This, however, is changing, because organizations are acknowledging that a "human response" cannot react fast enough, which is compounded by the fact that there are not enough security practitioners in end-user organizations to perform manual human responses to threats”.
 
“Despite the increased focus and resources devoted to cyber security, security processes remain highly manual, with security engineers spending valuable time ‘keeping the lights on’ instead of focusing on business transformation initiatives,” said Nimmy Reichenberg, VP of Marketing and Strategy at AlgoSec. “The survey findings show that respondents believe that automation can alleviate some of the pressures on security professionals, allowing for improved agility and security. Yet, for automation to be truly effective, it must be a top down initiative, driven by senior executives, in order to ensure a uniform, structured and realistic approach to its implementation across the organization.”