We hear a lot about security orchestration, automation, and response.  It will help us with our security skills gap.  It will improve our operational efficiency, thus reducing mean time to detect and respond to incidents.  It will give us more time for threat hunting.  But how much is really being automated?

In sponsorship with ServiceNow, we conducted the “5 Stages of Automation Maturity” survey to find out.  The objectives for the survey were pretty straight forward:

• How mature are our automation capabilities?
• What security use cases are being automated today?
• What security use cases will we be automating in the future?
• What is driving us to automate and what is hindering us?

We received 142 responses to the survey across the following demographics:

• Role: 60% Users/Architects and 40% Managers/Executives
• Experience: 60% 7+ Years and 40% <7 Years
• Industry: 30% IT/Technology, 18% Financial Services, and 15% Health/Pharmaceuticals
• Company Size: 67% 5,000 or Fewer Employees and 33% >5,000 Employees
• Region: 77% North America and 17% Europe

To summarize the survey findings, we had to analyze 135 answers for each response.  As a result of this analysis, here are the key findings of the survey:

• Average maturity on a scale from 0 (Manual) to 4 (Optimization) is 1.22, which is just above Basic Operations. There is still a lot of room for improvement.
• On average, 25% of Security Operations are currently being automated. 73% reported an increase in automation in the last two years.
• On average, 55% said their interaction with IT had increased in the last two years, but the type of interaction definitely varies by maturity.
• We expected Malware and Phishing to be the top use cases being automated currently. We were close.  Here are the top uses cases currently being automated:
  1. Malware
  2. Brute Force/Failed Login
  3. Phishing
  4. Suspicious Web Access
  5. Malicious Network Traffic
• The top uses cases planned for automation in the next 12 months include:
  1. Vulnerability Management
  2. Data Loss/Exposure
  3. Rogue Server/Service and Incident Case Management
• The top uses cases planned for automation in the next 24 months include:
  1. Privileged Access Monitoring
  2. Threat Hunting
  3. Insider Threat
• The top driving forces for automation include:
  1. Lack of People/Resources
  2. Goal to Formalize Processes to Reduce Errors
  3. Increasing Volume of Alerts
• The top three things holding you back from automating include:
  1. Integrating Data/Tools
  2. Documenting Formal Process That Can Be Automated
  3. Confidence in What to Automate

For more details on the survey results, watch the on-demand webcast here.  To learn more about ServiceNow, please visit securityweekly.com/servicenow.