Security Weekly

How Mature is Your Security Automation? See the Survey Results and How You Compare.

Matt Alderman November 15, 2019

We hear a lot about security orchestration, automation, and response.  It will help us with our security skills gap.  It will improve our operational efficiency, thus reducing mean time to detect and respond to incidents.  It will give us more time for threat hunting.  But how much is really being automated?

In sponsorship with ServiceNow, we conducted the “5 Stages of Automation Maturity” survey to find out.  The objectives for the survey were pretty straightforward:

  • How mature are our automation capabilities?
  • What security use cases are being automated today?
  • What security use cases will we be automating in the future?
  • What is driving us to automate and what is hindering us?

We received 142 responses to the survey across the following demographics:

  • Role: 60% Users/Architects and 40% Managers/Executives
  • Experience: 60% 7+ Years and 40% <7 Years
  • Industry: 30% IT/Technology, 18% Financial Services, and 15% Health/Pharmaceuticals
  • Company Size: 67% 5,000 or Fewer Employees and 33% >5,000 Employees
  • Region: 77% North America and 17% Europe

To summarize the survey findings, we had to analyze 135 answers for each response.  As a result of this analysis, here are the key findings of the survey:

  • Average maturity on a scale from 0 (Manual) to 4 (Optimization) is 1.22, which is just above Basic Operations. There is still a lot of room for improvement.
  • On average, 25% of Security Operations are currently being automated. 73% reported an increase in automation in the last two years.
  • On average, 55% said their interaction with IT had increased in the last two years, but the type of interaction definitely varies by maturity.
  • We expected Malware and Phishing to be the top use cases being automated currently. We were close.  Here are the top use cases currently being automated:
    1. Malware
    2. Brute Force/Failed Login
    3. Phishing
    4. Suspicious Web Access
    5. Malicious Network Traffic
  • The top use cases planned for automation in the next 12 months include:
    1. Vulnerability Management
    2. Data Loss/Exposure
    3. Rogue Server/Service and Incident Case Management
  • The top use cases planned for automation in the next 24 months include:
    1. Privileged Access Monitoring
    2. Threat Hunting
    3. Insider Threat
  • The top driving forces for automation include:
    1. Lack of People/Resources
    2. Goal to Formalize Processes to Reduce Errors
    3. Increasing Volume of Alerts
  • The top three things holding you back from automating include:
    1. Integrating Data/Tools
    2. Documenting Formal Process That Can Be Automated
    3. Confidence in What to Automate

For more details on the survey results, watch the on-demand webcast here.  To learn more about ServiceNow, please visit securityweekly.com/servicenow.
