Page 206 - Cyber Defense eMagazine June 2024
The “Non-Trend” of “Full Automation” Workflows in Cybersecurity: A Reality Check
By Oren Koren, CPO & Co-Founder of VERITI
It’s no surprise that there’s been a shift to automated workflows in the past decade. Initially, automation
seemed straightforward: detect malicious activity, eliminate it, and prevent future occurrences. However,
this binary approach to cybersecurity soon proved inadequate as the complexity of threats and the
environments they target expanded. With the average cost of a data breach reaching $4.45 million
in 2023, organizations demanded more nuanced solutions, leading to the development of Security
Orchestration, Automation, and Response (SOAR) platforms. These systems promised to streamline the
incident response process by automating tasks based on various inputs, i.e., logs, events, and alerts,
thereby transforming the manual processes of Security Operations Centers (SOCs) and risk teams.
The adoption of SOAR technology by Managed Security Service Providers (MSSPs) and Managed
Detection and Response (MDR) services marked a significant milestone in scaling their offerings. Yet,
as the market grew, so did the realization that the promise of complete automation—"let the system
handle it"—did not fully align with customer needs. Trust, or rather the lack thereof, in fully automated
systems to make critical decisions without human oversight became a glaring issue. But even more so,
the question of accountability in the event of a mistake by an automated system loomed large: does the
blame fall on the vendor, the security team, or perhaps a developer?
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.