Automation is enterprise cybersecurity's biggest buzzword as organizations seek to keep pace with a threat landscape that grows more frenetic by the hour. But as automation spending skyrockets, many enterprises are finding that they're not getting the most out of their investment.
A new study out last week from Ponemon Institute uncovered that even as security experts are eager to reap the rewards of security automation deployments, there are a number of serious obstacles that must be addressed first.
The number one benefit organizations see out of automation, named by 64% of those surveyed for the study, is the increased productivity that they believe it squeezes out of IT security staffers. Number two was cited by 60% of respondents, who believe that automated correlation of threat behavior helps them address today's increased volume of threats.
As a result, organizations are pouring money by the bucketful into automation and orchestration tools, hoping to make their employees more efficient and shorten the time it takes for them to detect and respond to incidents. According to one analyst estimate, the size of the security orchestration market alone will double in the next three years to become a $1.6 billion play within the broader security market.
The trouble is that simply inserting your coin into the automated machine doesn't guarantee it's going to work the way you want it to. Enterprises are running into five major issues in their bid to streamline security through automation, machine learning, artificial intelligence and orchestration.
Automation Blocker 1: Integration is Harder than they Think
Many security organizations today are struggling with automation due to integration issues on two fronts. First of all, they're having a hard time meshing security automation tools with legacy systems and architectures. Nearly two in three organizations say it is difficult integrating security automation technologies with existing IT systems. Not only that, but security teams are also straining to integrate numerous security automation tools into a cohesive security stack. Approximately 71% of respondents pointed to the inability to integrate disparate security tools as their top challenge in building an effective automated security architecture.
Automation Blocker 2: Vendor Sprawl is Killing Them
One of the reasons that integration is such a bugbear is that the best-of-breed approach is killing security teams with a bad case of security vendor sprawl. Around 59% of respondents reported a need to streamline the number of vendors in their architecture. This has increasingly been a point of contention for CISOs lately. This spring, venture capitalist Ken Elefant, managing director at Sorenson Capital, estimated that in a straw poll of CISOs from major companies he was seeing an average of 80 security vendors under management.
"That may sound like an enviable position; so many vendors providing protection for a company’s business efforts," he wrote in an opinion piece for HelpNetSecurity. "But it signals that there is too much noise in the market. CISOs don’t want to manage 80 products — they want to have a holistic solution involving fewer vendors."
This reality was reflected in the Ponemon study, which showed that as many as 63% of respondents leaned toward a single vendor, or a single vendor with a few specialized products, as their ideal way to deliver security functionality. The other 37% wished for a mix of best-of-breed products interoperable through functional APIs.
Automation Blocker 4: They're Struggling to Scale Automation Across the Enterprise
As a corollary to the issue of vendor sprawl, organizations say that they're having a difficult time scaling automated security processes across the organization. With so many different security tools and integration problems, it should hardly be a surprise that 55% of respondents say their top barrier to successfully deploying security automation is their inability to apply controls that span across the enterprise. Nearly on par with that, 49% say another major barrier is the fact that they can't create a unified view of users across the enterprise.
This is probably why industry analysts are predicting another big surge of vendor consolidation for the security world in the next couple of years. For example, in its security spending predictions this year, IDC says it believes that by 2020, 30% of security spending will be on vendors that offer an integrated platform approach to security.
"This shift will happen partly because of budget, but mostly because of complexity. Reducing complexity by moving to integrated platforms, whether in the cloud or on-premises, supporting a hybrid environment, also provides the potential for enhanced security as companies will make gains in manageability and automation," says Sean Pike, program vice president for IDC's Security Products and Legal, Risk, and Compliance programs.
Automation Blocker 3: Complexity Makes it Hard to Pick Processes Perfect for Automation
Complexity in security and IT architectures is also making it difficult for organizations to know exactly what they need to automate. Approximately 67% of respondents told researchers that the overall complexity of their organization's security automation is very high. And only 27% said they did a good job accurately identifying the areas in their security infrastructure where automation would create the most value.
Automation Blocker 5: There Aren't Enough Smart People to Design and Run Automated Tools
A big reason that organizations struggle to identify the right processes to automate is that doing so is a design issue, and design is the domain of humans—of which smart ones have been in very short supply for security teams lately. The lack of skilled security staff was named by survey respondents as the number one impediment to effective use of security automation today. About 57% said the top barrier to security automation is their inability to recruit knowledgeable or skilled personnel. And 34% said that the amount of staff it takes to implement and maintain the tools stands in the way of solid security automation deployments.
The fact is that these tools don't install and run themselves. In fact, some of the best security automation tools are far more onerous to implement than traditional security offerings because their complex machine learning and artificial intelligence engines require significant tuning and a great deal of expertise to make them work well. On top of that, whatever processes are left behind because they can't be automated, due to their complexity or their need for human judgment or action, are likely to be those that need to be carried out by experienced security operators.
This is a problematic obstacle considering that some industry estimates show that within four years we'll be facing a shortfall to the tune of 1.8 million cybersecurity professionals.
As a result, this study shows that the industry faces a bit of a contradiction when it comes to security automation and the security skills shortage. While many security vendors sell automated tools as a means to overcome this gap in the market of available cybersecurity talent, the depressing truth is that organizations can't automate their way out of good security team building.
As Bitdefender Business Insights' own George Hulme described in a piece earlier this year about a different Ponemon study, organizations are actually finding that security automation is exacerbating the skills problem rather than relieving it.
In spite of the security skills paradox, organizations aren't going to let that deter them from reaching for the brass ring of security automation. There's too much to gain in other benefits to give up in the face of these challenges. According to this study, 70% of organizations questioned named security automation as very important for their organization's security posture today and 80% rated the importance of security automation as very high in the next two years.