SprwLabs
Gartner has spent the last 5 years touting the benefits of automation and they’re right! Automation has the potential to revolutionize how a security organization operates. They have however completely disregarded how to consume automation.
Bringing automation into an organization doesn’t start with a tool, technology, or person. It starts with a process and having access to perform the necessary function. This is what we describe as the golden rules of automation:
1.) To automate, you need access
2.) To orchestrate, you need a process.
3.) To be successful, you need both.
Far too often we see organizes dive into automation without a full understanding of these rules and how they apply to their technology stack. Many older technologies do not have the same functionality or user experience in their API which exists in their UI. Discovering this takes hours of reading API documentation, testing requests and viewing the response data. Having a firm understanding or experience with an API reduces the level of effort significantly.
Once we’ve completed the evaluation of the technology stack, we next evaluate how we can augment the process. Consistently prospects come to us with failed SOAR deployments where they’ve tried to augment a process end to end. Many analysts prefer the consoles of the tools they view daily. Instead of focusing on wholesale replacement of a process, we focus on how to augment it and introduce automation in a scalable way. With any journey, it has multiple steps. As we continue through the automaton journey, we continue to further introduce further automations with the goal of creating a wholly automated process.
Some basic examples we usually see clients start with are:
In our view, every client can consume automation however how they go about consuming it varies. Consistently we’ve seen success in building client’s process with this methodology. If your SOAR is shelfware today or you do not feel you’re utilizing it to the fullest potential, let’s have a conversation about how we can help.