Post written by
Rishi Bhargava
Rishi Bhargava is Co-founder and VP, Marketing for Demisto. Previously, Rishi was VP and GM of the Software Defined Datacenter at Intel.
In recent years, huge strides have been made in the field of security automation. There are now numerous solutions that use automation for streamlining incident response and orchestrating across security products, allowing analysts to be more productive and effective.
Automation of processes that involve routine, repetitive work can help organizations detect, block or remediate cyber attacks. However, there is still a certain amount of confusion over the difference between automation and automatic. Although often used interchangeably, the terms are not synonymous.
Automatic Or Automated?
An automatic activity takes humans out of the loop and gives a machine complete control over the incident. Without human oversight, the possibility exists that the results could be incorrect, increasing the potential for the organization to suffer major damage.
Automation is the process of expediting actions by allowing the machine to handle certain tasks, typically the routine, repetitive chores that can consume an inordinate amount of the analyst’s time. As part of security orchestration, automation can reduce reaction times without forcing humans to relinquish control. Humans can exercise their own judgment when making decisions or when intervention is deemed necessary.
Despite the strides that have been made in security automation, it is still a relatively new technology. As such, there are still shortcomings that must be addressed before an organization can trust its cybersecurity completely to machines. Skilled, experienced cybersecurity professionals are still very much needed and will be needed for the foreseeable future. There are times when the judgment, knowledge and experience of a human will be essential for incident response orchestration. Although no one doubts that incident response will become increasingly automated, it is not yet possible to put cybersecurity on autopilot and allow the machines to have full control.
The Human Element Is Still Needed
The human element is often needed to ensure compliance with existing and future statutes. Even with AI, machines are not yet a substitute for human input when it comes to evaluating the impact of a breach. Some breaches require that the appropriate authorities and/or affected parties be notified within a specific time. However, until an organization has assessed the severity and scope of the breach, it is impossible to determine which notification laws apply.