Think you’re using AI effectively in security? You’re probably not, says security expert

Nearly 60 per cent of businesses have automated their security and incident response tools, but only at a very minimal level, according to a new SANS Institute study.

The D3 Security sponsored study on automation and integration indicates that while most respondents agree automation isn’t killing jobs in the security field, few have gone past automating the most basic and repetitive tasks. But the low hanging fruit yields quick, measurable results, says Stan Engelbrecht, D3 Security’s director of cybersecurity practice, and gives skilled staff more time to focus on bigger picture items.

“There’s a lot of manual clicks and copy and pasting that doesn’t need to happen,” he says.

What metrics are needed to capture the state of automation?
The level of automation for key tools. Source: 2019 SANS Automation & Integration Survey.

But outside of those repetitive tasks, security teams are having a hard time convincing executives to invest in more sophisticated automation that allows for real-time analytics and endpoint device management. Nearly 60 per cent of the 218 technology professionals – 70 per cent of whom described themselves as security pros, the rest are categorized as analysts and upper management – claimed budget restrictions were the number one concern around automation. That was very closely followed by resource constraints and lack of integration standards.

“If you are going to automate, this has to come from the top down. If there isn’t an executive management buy-in, it won’t work,” says Engelbrecht.

In a nutshell, everyone’s level of automation is relatively low, few are innovating at a high level, and most businesses are heading into the middle. No one is using AI and machine learning.

AI not there yet, not even close

“I have not seen good implementation of AI or machine learning, where you’re actually able to prove and show exactly what it’s doing,” says Engelbrecht.

But there shouldn’t be any rush to try and achieve this. In fact, before integrating basic automation, companies should start by creating a playbook, a collection of processes and operating procedures that conform with the policies and culture of an organization, something respondents had trouble doing in their open-ended responses, the study notes.

Fast-tracking automation can actually be dangerous, explains Engelbrecht. The toughest, most malicious cases still need hands-on, critical thinking from a security analyst. If he or she is suddenly cut off from the flow of information, bad habits are sure to form.

More than 57 per cent of respondents anticipate changes to the focus of their use of automation in the next 12 months. Nearly 30 per cent remain unsure. The banking industry has been far more successful at integrating automation, according to Engelbrecht.

“When you walk into a bank and having a lot of those early conversations, that whole process, and knowing what exactly that needs to be automated, is easy,” he notes. “Healthcare is another good example. They’re getting better, but still behind the curve.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Alex Coop
Alex Coophttp://www.itwc.ca
Former Editorial Director for IT World Canada and its sister publications.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now