Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies

Cybersecurity Automation: Leveling the Playing Field

By Leonard Kleinman, Field Chief Technology Officer (CTO) – Cortex for Palo Alto Networks JAPAC

Many things challenge how we practice cybersecurity these days. Digital transformation has brought significant adoption of new technology and business models, including cloud solutions, e-commerce platforms, smart devices, and a significantly more distributed workforce. These, in turn, have brought with them an increase in new threats, risks, and cybercrime.

As organizations emerge post-pandemic, many of the risks and uncertainties manifested during that period will persist, including the hybrid workforce, supply chain risk, and other cybersecurity challenges.

Let’s look at some of these cybersecurity challenges and how automation can level the playing field.

Problem: not enough cybersecurity talent

A major contributor to the growing spate of cyberattacks is the lack of skilled cybersecurity personnel. The overall global numbers of experienced cybersecurity practitioners are low compared to the need for such practitioners to handle the cyberthreats that manifest across all industry sectors. While demand for practitioners continues to escalate, the growth in actual numbers is low, leading to the increasing deficit between demand and supply.

This contrasts significantly with the global cybersecurity market, which is expected to expand at a compound rate with more demand for solutions and products. The increasing number of cyberattacks, digital transformation changes, and talent shortages are contributing to this growth, and organizations are expected to acquire/deploy more advanced security solutions to detect, mitigate, and reduce the risk of cyberattacks.

Automation, AI, and vocation

Automation systems are everywhere—from the simple thermostats in our homes to hospital ventilators—and while automation and AI are not the same things, much has been integrated from AI and machine learning (ML) into security systems, enabling them to learn, sense, and stop cybersecurity threats automatically. So instead of just alerting us to a threat, an automated system would be able to act towards neutralizing it.

At its core, automation has a single purpose: to let machines perform repetitive, time-consuming, monotonous tasks. This, in turn, frees up our scarce human talent to focus on more important things or simply things that require the human touch. The result is a more efficient, cost-effective, and productive cyber workforce.

Even threat actors are themselves using automation to facilitate their attacks. The MyDoom worm, one of the fastest-spreading pieces of malware on the internet, uses automation to propagate and is estimated to have caused around $38 billion in damage. It is still spreading, but the surprising part is MyDoom is not new. Released in 2004, it can still be seen trolling the internet.

A persistent fear in cybersecurity is that automation is here to replace humans. While somewhat justified, the reality is that automation is here to augment humans in executing security operations and, in some cases, help organizations supplement and address the growing talent gap. As advanced as it may be perceived, automation will always be reliant on humans, completely configurable, and under the supervision of the security team. If anything, automation and AI are bringing forth new cybersecurity roles such as Algorithm Bias Auditor or Machine Risk Officer.

The benefits of automation

Automation can do many things, from detecting potential threats to containing and resolving threats. These actions take seconds and are largely independent of human intervention. Provided via security orchestration, automation, and response (SOAR), automation gives SOCs a significant boost in execution, significantly improving productivity and response. The Cost of a Data Breach 2022 Report highlights the role of automation in halving the cost of a data breach and reducing the time to identify and contain by 77 days.[1]

Orchestration provides the ability to activate the many tools in your operational environment, seamlessly connecting them via playbooks to undertake specific actions. This allows for a consistent, repeatable response process together with all the necessary information for your cyber practitioner, all in one place.

Additional efficiencies are derived from the AI/ML engine within SOAR, which can learn attributes from alerts and use that knowledge to prevent future attacks. The engine learns from every alert and event it handles. Automation plays a significant role in enabling an agile, proactive cybersecurity capability.

Most importantly, automation provides a better quality of life to your cybersecurity team, reducing alert fatigue and frustration and giving them back precious time. In the age of the Great Resignation, retention has become a significant issue.[2] Retaining staff allows you to increase your ROI on people—acknowledging the significant investment organizations make through recruitment, ongoing training, and tacit knowledge learned on the job.

Automation helps organizations address the talent challenge. It also enables a greater ROI on your current tools and technology, bringing them into play as part of the orchestration process.

Where to start?

A prerequisite for automation begins with gathering and correlating data. Any good automation system requires good data to work efficiently and effectively. The more data sources, the better the quality of operations.

Aim to gather data from all aspects of your business environment, such as endpoint, network, and cloud. The AI/ML system within the automation platform makes analyzing and correlating all this data easier. These two components are what make cybersecurity automation possible.

Next, analyze your current standard operating procedures (SOPs), looking for regularly recurring activities and processes whose automation would reduce workload and the risk of an overlooked alert. Look for tasks that do not deviate or vary in an unpredictable manner. These are prime candidates for automation.

Now, identify the tools that need to be orchestrated within those processes, along with the required APIs (or create them) to enable the integrations.

Finally, create your playbook. This gives you control over the process, providing you with the ability to consistently replicate and improve the process over time. Include any specific actions you require, the tool/s to perform, and any other additional tasks, e.g., block, notify, contain, etc.
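
The steps above as a minimal playbook, added here as an illustration and not taken from the article or from any SOAR product: it correlates alerts from endpoint, network, and cloud sources by host, then selects notify, block, and contain actions, with disruptive steps gated on analyst approval. The alert fields, scoring weights, and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample alerts from three data sources (not real telemetry).
ALERTS = [
    {"source": "endpoint", "host": "ws-014", "signal": "unsigned_binary_executed", "severity": 6},
    {"source": "network", "host": "ws-014", "signal": "beacon_to_rare_domain", "severity": 7},
    {"source": "cloud", "host": "ws-014", "signal": "impossible_travel_login", "severity": 5},
    {"source": "endpoint", "host": "ws-200", "signal": "usb_device_inserted", "severity": 2},
]

def correlate(alerts):
    """Group alerts by host so one incident carries every source's evidence."""
    incidents = defaultdict(list)
    for alert in alerts:
        incidents[alert["host"]].append(alert)
    return dict(incidents)

def run_playbook(host, evidence, approve):
    """Return the ordered actions for one incident.

    approve(host, action) is the analyst gate: disruptive actions run only
    when it returns True, keeping the security team in control.
    """
    sources = {a["source"] for a in evidence}
    # Assumed scoring: highest severity plus 2 per extra corroborating source.
    score = max(a["severity"] for a in evidence) + 2 * (len(sources) - 1)
    actions = [("log", f"{host}: score={score} sources={sorted(sources)}")]
    if score < 5:  # assumed threshold for auto-closing
        actions.append(("close", "low risk, auto-closed"))
        return actions
    actions.append(("notify", f"SOC channel: triage {host}"))
    if score >= 9:  # assumed threshold for disruptive response
        for step in ("block", "contain"):
            if approve(host, step):
                actions.append((step, f"{step} applied to {host}"))
            else:
                actions.append(("escalate", f"{step} on {host} awaits analyst"))
    return actions

def handle(alerts, approve):
    """Run the playbook over every correlated incident."""
    return {h: run_playbook(h, ev, approve) for h, ev in correlate(alerts).items()}

if __name__ == "__main__":
    # Assumed policy: analysts pre-approve blocking, but not host isolation.
    for host, actions in handle(ALERTS, lambda h, step: step == "block").items():
        for name, detail in actions:
            print(f"{host:8} {name:9} {detail}")
```

Because every decision is returned as an ordered action list, the same run doubles as an audit trail that can be reviewed when tuning the thresholds.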

Don’t drop the ball on automation

Cybersecurity is essential for any business in a digitally transformed world, protecting company data, its people, and its customers. However, just the implementation of cybersecurity will not be enough as our adversaries continue to innovate and get craftier in their approach.

As organizations continue to pursue digital transformation initiatives coupled with technology advances, the automation of cybersecurity is not just recommended—it is mandatory in leveling the playing field.

1. Cost of a Data Breach 2022 Report, IBM Security, July 2022. 

2. Paula Morgan, “Top Five Tips For Retaining Employees During The Great Resignation,” Forbes, August 4, 2022.

About Leonard Kleinman:

Len Kleinman is the Field Chief Technology Officer (CTO) – Cortex for Palo Alto Networks JAPAC focusing on critical industry sectors such as Government, Banking and Finance, Utilities, and Education. His mission is to work with executives and business stakeholders to make security a strategic priority that translates into business value and assist in the development of a risk-based cybersecurity culture aimed at protecting our digital lives.

Category: News
March 10, 2023