Commentary|BY CODY CORNELL isco-founderandCEOof Swimlane, a firm specializing
in security automation and orchestration.
Stop overextending your cybersecurity staff
By spending precious staff hours on tasks that can be automated, organizations are risking team burnout and harm to the mission
   The proliferation of connected services and devices continues
to transform both professional and personal lives, but those valuable tools are also exerting unprecedented cybersecurity pressure on government agencies.
The rapid adoption of “smart” products — coupled with an explosion of hacks and breaches — has resulted in a critical shortage of skilled cybersecurity professionals.
When those positions go unfilled, the risk of breaches increases due to a lack of basic security hygiene, such as routine patching and maintenance, and an inability to respond to alarms fast enough, if
at all. Unfortunately, that vicious cycle isn’t going to end anytime soon, so finding ways to improve the reach and efficiency of existing cybersecurity IT professionals is a critical requirement that can benefit nearly any enterprise.
Automation technologies can increase operational efficiency within an organization’s security program and have a significant impact on staff utilization and effectiveness. The technologies free professionals to focus on
the significant items that need immediate, in-depth and hands-on attention.
Today’s security orchestration, automation and response technologies can create a more streamlined process for detecting and responding to cyberthreats, making a staff of any size more efficient and effective.
Because there appears to be no end to the onslaught of attacks
or bad actors’ ever-increasing
level of sophistication, new cybersecurity approaches that incorporate automation are quickly becoming must-have solutions. Instead of merely triggering one discrete remediation action after another, security teams should work to formalize, document and automate their standard operating
Using automation to free your existing cybersecurity team to do skilled work will naturally increase the team’s productivity.
procedures to the fullest extent possible.
Aligning automated actions with runbooks in an easy and intuitive way unlocks the ability to automate analyst activities — such as triage, prioritization and investigation — and significant efficiencies quickly emerge. From data collection
and consolidation to performing analysis, investigating incidents, communicating results and taking appropriate action, getting the job done involves executing the process and integrating with the right technology tools to make it happen in the most efficient way possible.
Employees often waste their time and expertise on time-consuming, repetitive tasks. Large parts of the incident response process can be tedious and do not take advantage of the extensive training that most security operations professionals have received.
By giving employees tools that automate the “basic” parts of their jobs, organizations can refocus their scarce time and apply their skills to bigger problems to achieve deeper, more effective results.
Using automation to free your existing cybersecurity team to do skilled work will naturally increase the team’s productivity and the likelihood that members will want to stay with your agency. Although automation will likely never completely remove people from the incident response process, it helps security professionals focus on critical areas and more effectively investigate and remediate threats.
When security operations professionals are relieved of a significant part of the manual burden tied to traditional incident response, they’ll have more time to focus on proactive security work, such as threat hunting.
Optimizing your incident response processes by streamlining workflows, automating unnecessary tasks and freeing employees to perform more expert- level work will allow agencies to improve the efficacy and value of their IT departments — even during a staffing shortage. n
CODY CORNELL
      September/October 2018 FCW.COM 13