Overcoming 'Security as a Silo'
with Orchestration and Automation
When teams work in silos, the
result is friction and miscommunication. Automation changes that.
continues to evolve, adapt, and innovate, there has been a consistent,
underlying theme across the industry: Teams are struggling to balance their
increasing workloads with the limited resources at their disposal. As a result,
it is becoming progressively more difficult for them to accomplish their goals.
However, a lesser-known problem has risen, which I like to refer to as a
different kind of SaaS: "security as a silo."
It should come as no surprise that large organizations often struggle with teams
working in silos. This creates friction and miscommunication, essentially
serving as barriers that hinder the accomplishment of important goals. In many
respects, security is no different from other business functions this way. But a
few organizations have figured out how to utilize specific technologies to
increase productivity, efficiency, and effectiveness among employees and
The DevOps Revolution
It wasn't long ago when software development and IT operations were siloed
themselves. Each function was responsible for specific tasks: developers coded
and built software, while IT operations deployed and delivered it. However, this
method of software development and delivery wasn't time- or cost-effective,
especially as the tech landscape continued to change. Teams were expected to
build fast, and deliver even faster, leading to a dev and ops breakdown.
Some good did come out of this, as the heavy stream of security fire drills
paved the way for a revolution known as orchestration and automation, which in
turn led to the birth of DevOps. With a simple purpose of a single team
building, deploying, and delivering software, DevOps changed the game.
The Precipice of Change for Infosec
It's no secret that security teams are distressed, and many suffer the same
challenges that developers and operations teams did before the birth of DevOps.
To make matters worse, they are inundated with false positives that need to be
investigated, causing teams to chase down logs and other intel, only to find
that there's not an actual threat. Meanwhile, alerts that do pose a real danger
may not be investigated fast enough or at all.
The threat landscape is growing exponentially, and bad actors are more creative
than ever — think Mirai, botnets, and unique malware. It's increasingly
difficult for defenders to keep up, let alone get ahead of these threats.
Security is reaching an inflection point again, and just as security
orchestration and automation solutions brought change to software development
and IT operations, it will bring change to security operations (SecOps).
The Great Uniters — Orchestration and Automation
As an industry, it's time that we invested in technologies and methodologies
that will enhance our tools, processes, and people. We know that orchestration
and automation were critical technologies for DevOps to succeed. Why not bring
these same concepts to SecOps?
Orchestration unites disparate systems and tools, while also paving the way for
machine-to-machine automation. Machines are fantastic at handling a series of
repetitive tasks, while humans are great at deriving context from data. Why not
offload these repetitive tasks to machines and allow humans to focus on data
Therein lies the beauty of automation — and coupled with orchestration, it can
be extremely flexible. So, what does this mean for security as a whole? Some
initial benefits include:
The security function is streamlined and
Defenders can get ahead and aren't
constantly working from behind.
The industry is stronger, more connected
and more effective.
The way is paved for unity amongst IT
Given the well-known cybersecurity shortage and budget constraints, adding
automation to security operations seems unachievable for many organizations, but
that doesn't have to be the case. These types of technologies are becoming
increasingly accessible for businesses of all sizes, and there is more clarity
around which operations should be automated and which require human interaction
at some level. Ultimately, the goal is simple — provide security teams with the
fastest way to add automation to security processes.
This article was originally published on