Forrester made a case in a September 2017 report ("Overcoming SecOps Hurdles Decreases Risk While Improving DevOps Efficiency") that 30% companies cite lack of automation for integrations and configurations as a top challenge. The just released Oracle and KPMG Threat report also asserts that 84% of companies are committed to increased levels of security automation, but only 35% actively invest in such solutions (others are still in technical evaluation and planning stages). The mindset is changing from where IT and cybersecurity professionals were resistant to automating, to where it is now being viewed as a fundamental technology to efficiently respond to events and alerts. Automation promises operational efficiencies and to close up security gaps. Combined with Machine Learning, security automation can improve the agility of cybersecurity teams so they are not lagging behind their DevOps colleagues.
Clearly, there are some significant hurdles to overcome in order to achieve this. Dan Koloski has a recent opinion piece in Dark Reading that advocates for automation to be an essential part of the IT toolkit. Dan explores four possible barriers to its adoption:
Dan concludes by observing that these problems are not inherently of automation and so represent a multi-pronged opportunity to fix and improve overall efficiencies. Indeed, today's overwhelmed cybersecurity professionals must rely on smart ML-driven analytics and combine them with automation to have a chance to go toe-to-toe with increasingly sophisticated hackers. Otherwise, this is a battle where we will quickly fall behind and lose.