The Role of Automation in Cybersecurity

Table of Contents

  • 1. TO AUTOMATE OR NOT TO AUTOMATE?
    • 1.1. Introduction and Overview
    • 1.2. Research Methodology and Market Data
    • 1.3. Network Disruption and Alert Fatigue
    • 1.4. SCAP/NIST Specifications Burrow Deeper Into Enterprise Security
  • 2. MACHINE LEARNING APPLICATIONS DRIVING AUTOMATION ADOPTION IN CRITICAL FUNCTIONS
    • 2.1. Data Recovery
    • 2.2. Skills Assessment and Training
    • 2.3. Penetration Tests and Red Team Exercises
    • 2.4. Network Engineering
    • 2.5. Incident Response
    • 2.6. Leveraging the Extensive Data-Gathering Capabilities of SIEMs
    • 2.7. The Double-Edged Sword of Encryption
  • 3. AUTOMATION OBJECTIVES IN CYBER SECURITY
    • 3.1. Automated Patching Across Multiple Server Instances
    • 3.2. Systems Engineering and Optimization
    • 3.3. Expedite Formatting and Machine-Readable Data
    • 3.4. Security Alert Streamlining
    • 3.5. TLS/SSL Certification Management
    • 3.6. Permission Control and Privilege Management
    • 3.7. Empowerment, Not Replacement, of the Human Element
  • 4. VENDOR SECTION
    • 4.1. Ayehu
    • 4.2. Gurucul
    • 4.3. Hexadite
    • 4.4. McAfee
    • 4.5. Symantec
    • 4.6. Tripwire
    • 4.7. Splunk
    • 4.8. Trudera
    • 4.9. Vectra Networks



Aided by major investments in machine learning (ML) technologies, automation applications in cybersecurity are shifting rapidly due to the proliferation and magnitude of cyber threats in enterprise, industrial, and governmental systems. Automation is also seen, however, as a double-edged sword, especially when it comes to critical functions like incident response or SOC operations. This report examines current and emerging automation applications like security alert streamlining and system optimization; investigates veiled challenges like interoperability, network visibility, and encryption; and provides guidance for organizations aiming to make use of autonomous security systems.
