Automation Is Great! But Humans Are Still Invaluable!
For those folks who have never really worked in security operations, the terms automation and orchestration can sound like jobs will be lost. That could not be further from the truth. The fact is that there is often TOO much going on in a typical Security Operations Center (SOC), and many analysts wish the more repetitive and tedious tasks could be automated and taken off their plate! Having to put in a ticket because, for the 4th time this month, Mr. Jones is infected with a virus is absolutely not what they teach you in all those certification courses. One of the reasons security analysts burn out so fast is the mind-numbing activities that can exist with Level 1 (L1) type of work. If we can now teach machines to be the L1 analyst, then we can use the SIEM technology to do what it is really designed to do: catch the anomalies! Hunt down the bad guys. Dig into why there is a virus outbreak in our research development facility. All of the cool stuff. The cool security tools require some sort of normalization, and automation and orchestration can get you to the normal you need to start connecting some dots. I do not believe that incorporating security automation will displace anyone; it will just allow the teams to use their collective brainpower to do more meaningful work for their organizations.
As a side note, the article says 15% of organizations will be using automation and orchestration by 2020. However, keep in mind that tool efficacy is important as well. Being able to measure the effectiveness of the tool is very important! A limited set of use cases where the machine performs the repetitive work is a great place to start.