Last updated at Wed, 27 Dec 2023 20:20:57 GMT
Often when security teams think about security automation, they worry they don’t have the coding capabilities needed to create, implement, and maintain it. Pulling development resources from the IT team or engineering department can take time; backlogs are long, and revenue-generating projects tend to take priority. Another option is to hire an IT consultant, but this can be pricey and may not be sustainable long-term.
Instead, some security teams try to find the coveted “unicorn:” a security pro who is not only an expert on all things information security, incident response, or threat intelligence, but someone who can also write integrations and build automation between systems and products. But finding this rare type of person is a tall order (if not an impossibility). In many cases, it can take up to a year to hire a security professional, and that doesn’t include finding someone who also has a software development skill set.
Evaluate Your Security Automation Options
So if internal resources are tight and there isn’t budget to hire an outside consultant or “unicorn,” what can you do?
My first piece of advice is to begin leveraging a security orchestration and automation solution to handle many, if not all, of your routine tasks for you. This can accomplish three things:
- Ensure all security tasks are taken care of in a timely and proactive way
- Eliminate the need for coding skills on your team
- Reshift your team’s focus to more strategic, ROI-driven tasks
Then, when you need really customized integrations or complex workflows built, you can bring in coding expertise strategically. This can help optimize both your development and security resources.
With the need for coding solved, you can stop chasing the ephemeral unicorn hire, as well as better optimize what your current team is working on. Instead of having them spend most of their time on mundane tasks like reviewing alerts, investigating phishing attempts, and scoring IP addresses, they can put their talent to better use analyzing and responding to threats and developing a more strategic security posture.
And with less busy work on their plates, they can spend more time learning new skills, such as coding if you do want the ability for your team to build custom integrations or automation on top of the security automation and orchestration solution you use.
With your team able to re-shift their focus to tasks that are most relevant to their skill set and interests, you may also reduce attrition (an added bonus considering today’s security talent crunch.
Find Your Balance
At the end of the day, my advice to all companies is to code strategically. This is not to say you can’t or absolutely should not bring coding resources onto your security team. Instead, look to strike a balance between bringing in scarce resources when you really need them and relying on out-of-the-box solutions whenever possible to alleviate the talent (and time) crunch.
Look to leverage a security orchestration and automation solution that can do much of the heavy lifting for you, and save your development resources for the truly custom work. Ideally, the security orchestration and automation solution you choose will allow you to add custom integrations alongside pre-built workflows. Finding one that offers the best of both worlds will keep your team happy and productive, and accelerate the time to value for security automation.
Takeaway: Let your talent focus on what they do best, and let orchestration and automation take care of the rest.
If you’re exploring custom-built orchestration and automation versus investing in a purpose-built solution, learn more about InsightConnect by Rapid7 and request a demo.
