How automation improves SecOps incident response

Johnathan Hunt, VP of Security, GitLab
 

Incident response teams work tirelessly, reacting to the never-ending barrage of incidents and events that put their company and its customers at risk. Using log correlation to identify and mitigate harmful activity is exhausting and can consume countless hours.

But the task can be more efficient and effective with full incident response automation. Automation can produce faster and more accurate results in many areas, which means quicker investigations with better outcomes and greater protection of the company’s assets.

Here's what you need to know about how to put automation to work on incident response within your organization.

The new normal

One result of the COVID-19 pandemic is that the workforce has become more distributed than ever before, potentially leaving gaping security holes in the network. In 2020, over half of all US employees worked remotely, and 33% continue to do so today. Also in 2020, there were over 1,845 data breaches, with 300,562,519 people impacted. This has led to an increased focus on securing valuable assets and ensuring that the IT team can efficiently and effectively respond to outside threats.

Just two months ago, the Russian intelligence service infiltrated up to 18,000 government agencies and private-sector companies through the software services of a single company, SolarWinds. The fact that one company was able to impact so much of the United States’ online infrastructure makes the case for why the security of distributed networks needs to be a priority.

The average time to identify and contain a data breach—the breach lifecycle—was 280 days in 2020. We must do better, not just for ourselves and our companies, but for our customers and the people we serve. Automated incident response gives your business a secure, round-the-clock defense system. It allows your security and IT teams to sleep better at night, knowing that threats are continuously being detected and responded to in real time.

Control the cost of breaches

Automation will save you time and resources in the short term by freeing up employees to focus on larger, more sophisticated threats, and it will provide significant cost savings in the long run. Research shows that containing a breach in under 30 days can save a company more than $1 million, while the average cost of a data breach can be upwards of $4 million.

Automation can also assist with breach reporting. Taking too long to report a breach can result in big fines and a significant loss of trust from customers and employees. And the cost of notifying customers about a single hack averages around $740,000 in the United States.

Adding automation to your incident response will save you time and money and ultimately will keep your company safer and more secure.

Where to start on automating incident response

With all of that said, most organizations can be overwhelmed at the prospect of automating their incident response and usually don’t know where to start. But they should work to automate the detection of vulnerabilities as early in the DevOps cycle as possible—even at the time of code development once they have a firm process in place.

One effective step is to automate the alert system of incidents for endpoints and infrastructure, including indicators of compromise and malware. Another important measure is to automate the on-call alerting and escalation system, since this will drastically reduce the time between identification and mitigation of an incident.

No more afterthoughts

Security automation has long been treated as an afterthought, but no organization can stay safe and healthy doing that. Don't think of automation as a loss of control; think of it as a better way to control a bad situation. Do automation right and you can trust it to help safeguard the company. Remember, too, that it’s been proved time and again that automated SIEM avoids human error.
