Oracle Management Cloud Blog covers the latest releases, customer stories, how-to guides and more.

  • June 25, 2018

Security Automation Is Critical

Vijay Tatkar
Director, Product Management

​Forrester made a case in a September 2017 report ("Overcoming SecOps Hurdles Decreases Risk While Improving DevOps Efficiency") that 30% companies cite lack of automation for integrations and configurations as a top challenge. The just released Oracle and KPMG Threat report also asserts that 84% of companies are committed to increased levels of security automation, but only 35% actively invest in such solutions (others are still in technical evaluation and planning stages). The mindset is changing from where IT and cybersecurity professionals were resistant to automating, to where it is now being viewed as a fundamental technology to efficiently respond to events and alerts. Automation promises operational efficiencies and to close up security gaps. Combined with Machine Learning, security automation can improve the agility of cybersecurity teams so they are not lagging behind their DevOps colleagues.

Clearly, there are some significant hurdles to overcome in order to achieve this. Dan Koloski has a recent opinion piece in Dark Reading that advocates for automation to be an essential part of the IT toolkit. Dan explores four possible barriers to its adoption:

  • Lack of confidence in decision making which is attributable to an upstream analytics problem
  • Not everything lends to automation. In particular, platform choices often hamper this freedom, but this really is a platform conversation opportunity where security experts should now be making recommendations that are mutually profitable to both SecOps as well as Development
  • Afraid of losing control. This cultural problem needs baby steps for confidence building and the suggestion is to start by automating forensics and lightweight remediation
  • Security vs DevOps. This is a classic problem now that automation is more readily accepted by developers than by Ops. So its best to partner up and combine the practices to build a smarter DevSecOps process

Dan concludes by observing that these problems are not inherently of automation and so represent a multi-pronged opportunity to fix and improve overall efficiencies. Indeed, today's overwhelmed cybersecurity professionals must rely on smart ML-driven analytics and combine them with automation to have a chance to go toe-to-toe with increasingly sophisticated hackers. Otherwise, this is a battle where we will quickly fall behind and lose.

Related Reading:

Better Security Analytics? Clean up the data first

Give Yourself an Edge: Use Machine Learning for Managing IT Operations

Automatic. Secure. Integrated. 




Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.