Security automation: 4 factors to consider

Automation can help bolster your organization's security, but before you talk strategy, you need to talk numbers. Here's how to start the conversation.

Security automation is like a wedding: You can make it as big and grandiose as you want it to be – if you have the budget.

There are hundreds of ways to leverage security automation to simplify tedious processes, improve the detection of and response to security threats, and free up staff for more productive purposes.

What we see time and again, however, is that organizations don’t have a concept of how expensive it is to adopt security automation – the bride may want to ride into the ceremony on a white stallion, but the budget only leaves room for a pony.

If you’re wondering how to leverage security automation, start by determining your budget. The cost conversation dictates how organizations use automation – or whether they use it at all.

Here are four factors to keep in mind when considering a security automation strategy:

1. Understand how vendors price actions and how this affects license count

The utopia of security automation is gaining real-time or near-real-time responses to critical offenses that can carry dire consequences for your organization. Automation allows you to react immediately to an event, stop an attack in its tracks, and take the necessary steps to get back online as fast as possible.

It sounds ideal, especially for enterprises dealing with thousands of event alerts daily and needing a streamlined way to ingest data and operationalize responses.

However, security automation comes with a tangible cost. Most security orchestration, automation, and response (SOAR) solutions are priced based on the number of actions they automate. That can be an aggregate number of automations per day (typically starting at 400 automations) or a separate license for each automation.

Each automation license can run an organization ~$10,000, so the price tag for an entry-level security automation solution generally falls in the $50,000-$75,000 range.

2. Document your top five pain points

To reduce the likelihood of sticker shock and make a case for why you should leverage security automation in the first place, approach it in the way that works best for your organization.

Start by listing your organization’s top five pain points regarding security processes. What’s tedious and takes too much staff time to execute? Which of these tasks do you want to automate?

Document each security process to illustrate the exact workflow and what the automation would look like. This will help you determine how many licenses you need to purchase.

You’ll also need to understand how your security automation vendor counts each automation task against its license model. For example, suppose you want to automatically disable an account (task #1) and reset its password (task #2). That’s an easy workflow to automate, but it could eat up two licenses if your vendor counts each automation task as a license. Suddenly, you’ve spent $20,000 to complete a single simple workflow.

Understanding the licensing model will accelerate your evaluation process and make your time commitment more efficient. You’ll avoid falling in love with a technology concept or vendor only to discover that your wish list of automations using that solution has priced you out of budget.

After creating your wish list and examining the workflows, you may need to license as few as five automations. You can make informed decisions about what automations are the most important for your organization and which ones you can live without.

3. Pinpoint what you want to automate – and its complexity

Depending on the organization's size, there’s usually some sticker shock. When discussing any security automation solution, the first step should be determining what you want to automate and how complex or sophisticated you want that automation to be.

Maybe you want to automate the process around suspicious email activity. Once a user submits a ticket, your security automation solution will automatically start an investigation, acquire the user’s email, launch a sandbox analysis, and perform a triage analysis. Each of those automations requires a license, so your organization could be looking at upward of $50,000 for that single workflow.

4. Security automation makes a difference

It’s important to be aware of the cost of implementing security automation before discussing it. But you should still have the conversation.

Automating security operations has a tangible cost because it has tangible benefits:

  • Staff can be more productive when they have fewer mundane or tedious tasks
  • Your ability to identify and respond to security events improves
  • Alerts are operationalized and automatically managed, so you eliminate alert fatigue
  • You gain a powerful workforce multiplier, which can make a positive financial impact on your organization

Security automation is not new, and it is not going away. If you have the budget and the desire to level up your organization’s security posture, tackling your top five most headache-inducing tasks is a great place to start.

Jim Broome is a seasoned technology veteran with more than 20 years of information security experience in both consultative and operational roles. Jim leads DirectDefense, where he is responsible for the day-to-day management of the company, as well as providing guidance and direction for its service offerings.