The goal of security automation is to accelerate detection and response, but you’ll waste a lot of time if you try to eat the elephant all at once
One of my favorite phrases when strategizing how to approach a daunting challenge is “eat the elephant in chunks.” Whether you’re talking about running a marathon, going after that big promotion or saving for the future, the most effective and efficient way to achieve a larger goal is by breaking it down into smaller, discrete pieces. The approach is also highly applicable when talking about security automation.
Security orchestration, automation and response (SOAR) platforms that focus on automating processes are a great example. Organizations were drawn to the promise of SOAR to improve the throughput of analyst work by automatically running a playbook in reaction to an incident or issue without the need for human intervention. SOAR was an important step forward and off to a great start. But over time, organizations started to see the pitfalls of trying to eat the entire elephant all at once instead of in chunks. Here’s what I mean.