September 15, 2021 Dario Forte

5 reasons why security automation won't replace skilled security professionals

The cybersecurity landscape is constantly evolving, even more so in the past decade, with technological revolutions changing the core of the cybersecurity industry. With new emerging technologies, machine learning, security automation, and AI are slowly but surely becoming a reality in the cybersecurity world.

But as the cybersecurity landscape continues to evolve and redefines the roles of security workers, it logically raises the question: what does this mean for security professionals? With new technologies bursting onto the scene, many security professionals are wondering how they will fit into the big cybersecurity puzzle. More precisely, will the evolution of security automation make security professionals obsolete?

The answer is: No. Security automation will not stand in the way of security professionals, and below we’ll discuss five reasons why cybersecurity careers are not at risk, despite the growing implementation of automation in SecOps.

1. High-risk processes must be supervised by skilled security professionals

While security automation is already a great way to cut down on time-consuming assignments and processes, the reality is that it is widely used for automating repetitive and lower-risk tasks. Even when it comes to unheard-of and unpredictable alerts, automation helps to quickly gather all the information from many different technologies so that the cyber team can make well-informed decisions.

Security automation in technologies like SOAR can be adjusted. This means that the level of automation applied in SecOps is determined by the security team. Following their instructions, automation carries out the process until it reaches the stage where the analyst must participate. Naturally, in lower-risk processes, like data gathering, teams often choose to automate the entire process, but remediation, triage, and containment are where the expert mind of security analysts outshines automation.

In other words, security automation is indeed useful in SecOps, but its implementation is often supervised by security analysts, especially when it comes to making crucial incident-response decisions and launching remediation initiatives.

2. Automation and security professionals are meant to coexist

The role of automation is to take care of the time-consuming aspects of security operations.

In the past, many feared that automation, AI, and machine learning were here to replace humans, but the truth is that automation is meant to aid security professionals, not hinder their prospects.

The implementation of security automation creates a balance in a SOC environment that allows security professionals to keep on doing what they do best, minus the repetitive, low-value, and time-consuming tasks that are delegated to automation. This is the perfect setup for security analysts: automation runs the errands where the room for major risk is low, while security professionals have more freedom and time to channel their expert minds into more challenging initiatives, the kind that only the human brain can overcome.

And we know what you may be thinking: What about when AI and automation become smarter? Will they eventually achieve such prominence that they overshadow the expert human mind in security operations?

In all honesty, making definite statements about whether automation will eventually make human intelligence redundant is not possible, as that would require us to predict the future. But right now, the trajectory of security automation is led by the idea of enhancing security professionals, not replacing them. Security automation helps humans become more efficient. It gathers information, automates repetitive tasks, proposes recommended actions based on machine learning, and ultimately allows the brilliance of the expert human mind to shine brighter than ever before.

Automation is here to make life easier for security professionals. It’s not here to replace them.

3. Automated systems cannot operate autonomously

The degree of automation is human-dependent and must continue to be. Cybersecurity is a business issue, and it is mostly made up of processes that use many technologies. With SOAR, you can create Standard Operating Procedures graphically, as what are called playbooks, and keep control of all the processes. As advanced as automation may be, the reality is that it is still, and will continue to be, dependent on human instructions. Yes, we know very well that automation is backed by machine learning in advanced security solutions, such as SOAR. However, without human guidance, automation cannot persist.

Human intuition, intelligence, and hands-on experience are factors that automation can’t replace. While security automation offers many benefits, it has its limitations and is incapable of performing many processes that security professionals can perform.

The bottom line is that automation backed by machine learning and Supervised Active Intelligence is great for improving processes and quickly gathering relevant information. This relieves analysts of repetitive tasks and gives them more free time to analyze potential risks and breaches and make critical decisions.

4. Relevant automated processes, such as SOPs, are guided by humans

Advanced cybersecurity technologies, such as SOAR, make it possible to automate SOPs (Standard Operating Procedures) and control them graphically, orchestrating several tools in streamlined processes. Here as well, security experts play a vital role in the creation and continuous improvement of the SOPs.

The entire process of launching these automated workflows relies on human guidance, and this is practically the basis of automation in cybersecurity. SOAR, as a highly advanced technology, uses the instructions established by security experts to achieve tasks at an optimal level. And while it operates independently once it is instructed, the SOPs are ultimately dependent on human instructions.

SOPs help SOC teams in the sense that they automate tasks that were once handled manually, thus allowing them to have more free time to focus on other initiatives. But the important thing to remember here is that even though SOPs operate autonomously once instructed by humans, they are at all times dependent on human supervision, and security experts are the ones that decide which tasks should be handled manually and which ones should be automated.

5. There are some things that can’t be automated

Automation does a lot to make life easier for humans, but there are some things that can’t be automated: things that require creative thinking, thinking outside the box, hiring and training people, adjusting to new regulations, adapting processes to respond to ever-changing attacks, and so on.

These are very sensitive aspects of what makes us human, and this innate ability to think creatively, critically, and intuitively is a trait that will always belong to us. Automation systems require human intervention to adapt to new laws, regulations, and rules.

With that being said, automation is totally dependent on human guidance when deployed in a new environment. Even after it has been deployed, the automated system will continue to be subject to constant refinement, and in technologies such as SOAR, the degree of automation is progressively improved in a simple and intuitive way.

Security automation will redefine, but it won’t replace the roles of security professionals

To summarize, automation is not designed to replace security professionals but rather help them overcome the biggest challenges they’re facing.

The benefits of automation perfectly reflect what we’ve been trying to convey throughout this entire article, namely that automation augments humans rather than replacing them:

  • Helps with the skill shortage issue

  • Lowers the chance of human error

  • Reduces the time spent on routine tasks

  • Offers invaluable support to the security team

  • Improves SOC efficiency via standardized processes

  • Enhances incident response and threat intelligence

  • Lowers the number of false positives

The future of automation points toward the coexistence of automation and humans. Forward-thinking technologies, such as SOAR, have brought the best out of automation and have shown that the future of cybersecurity lies in the collaboration of automation and security professionals.

Automation plays a vital role in the functioning of modern SOCs, and its application is expected to be of even greater importance in the near future. However, we are more than certain that it will not come at the expense of security professionals.

Learn more about the powers of security automation in advanced solutions such as Cloud SOAR.


Dario Forte

VP & GM, Orchestration & Automation

Dario Forte started his career in IR as a member of the Italian police, and in that role he worked in the US with well-known government agencies such as NASA. He is one of the co-editors of the most relevant ISO Standard (SC 27). Dario holds 5 patents and has an MBA from the University of Liverpool, plus executive education at Harvard Business School.
