SANS has just released the latest results of its 2020 Automation and Integration Survey. If you are currently using automation tools, or are considering adding security automation to your environment, you’ll be interested in reading the SANS survey results to learn more about where and how organizations are focusing their automation efforts.
More than 500 respondents answered tough questions surrounding automation and integration within their security environments: what’s being automated, what automation budgets are doing in 2020, and what’s been most impactful about automation, among many others.
The top reported benefits of automation include:
- Improved visibility and monitoring infrastructure
- Reduced time for detection, response or remediation
- Improved collaboration between team members working together on incidents
Key takeaways:
- Nearly 74% of respondents are applying automation at medium or high levels for security operations and event or alert processing, indicating that they are making good use of existing systems.
- Automation adoption continues to rise: In 2019, 12% of respondents had no security automation. In 2020, that dropped to 5%. Meanwhile, those utilizing a medium to high level of automation in their organization grew from 39% to 47% year over year.
- Automation is not replacing jobs: Only 5% of respondents expect automation efforts to result in a reduction of staffing. Instead, 49% anticipate better staff utilization after implementing automation.
- The level of collaboration between the security operations center (SOC) and incident response (IR) teams appears to be a factor in organizations’ adoption of automation. Organizations that have fully integrated their IR team with their SOC are 38% more likely to adopt medium- or high-level automation compared to their counterparts that maintain completely separate IR and SOC teams.
- Going beyond mean-time-to-remediate (MTTR): The most valuable metric in quantifying the impact of integration and automation was “Number of incidents identified through monitoring program” (57%), followed closely by “Number of endpoints impacted by an incident” (56%).
“Automation is critical in order to make incident response manageable. Manually responding to, analyzing, containing and remediating incidents is a losing battle.” -Survey respondent
At Swimlane, we’re committed to maximizing the capabilities of our customers’ existing security infrastructure and staff through security automation and orchestration. Our leading security orchestration, automation and response (SOAR) platform helps teams automate incident response, consolidate and contextualize incident data, and gain holistic security operations visibility. To learn more, visit our SOAR Platform page.
Download the full survey results, sponsored by Swimlane, as well as SANS’ recommendations on implementing new automation projects.
Download the SANS 2020 Automation and Integration Survey today to gain additional insight into the statistics found this year, key takeaways on security automation, and the impact of automation and integration on the SOC and incident response.