Security Automation and Orchestration

It’s no secret that security operations are under fire. In most enterprises, the only thing standing between a normal day and a financially devastating data breach is the security analyst. Yet, despite decades of investment in cyber security protection, detection, and intelligence tools, the analyst lacks a centralized software platform to operationalize all of this data in time to effectively prevent breaches from occurring. Drowning in a sea of alerts, and with the business on the line, SOC analysts are desperately seeking solutions. Automation is being hailed as the answer.
But what does “security automation” really mean?
Security Automation is only one facet of Security Orchestration
Among cyber professionals, orchestration and automation are frequently used interchangeably. Some have positioned orchestration as the “next” phase of automation. It’s no wonder security leaders are confused.
In our review of the landscape, almost all automation point solutions simply remediate individual, low-level alerts. The idea is that this will offload a portion of the analyst workload to free up time to investigate the important stuff. But with what tool?
To be clear, automating the response to low-level, false-positive, and duplicate alerts is just one piece of orchestration. The list of individual processes that can be automated is growing, and effective automation simplifies routine tasks so they execute far more efficiently. Yet even the most advanced automation systems filter only a percentage of the security alerts that register on a company’s network.
Read the full blog: https://www.siemplify.co/blog/security-orchestration-automation-myth-unmanned-soc
