5 Reasons Why Security Orchestration Is Not Enough

SMBs and enterprises today face daunting security threats. Attacks are more numerous, more subtle, and more dangerous, capable of stealing, encrypting, or deleting large volumes of data. The cost of a single data breach can reach millions of dollars, even excluding regulatory penalties and loss of reputation.
Over the years, many security teams have invested in Security Information and Event Management (SIEM) systems, which aggregate and monitor logs for indications of compromise.
SIEMs remain an important security tool, but they are no longer sufficient sources of threat intelligence. Too many security alerts turn out to be false positives, which end up consuming security analysts’ valuable time. And data breaches are still occurring, often undetected by SIEMs or traditional security solutions. In fact, the frequency of data breaches has recently been increasing 40% year over year1.
To improve on SIEM-based defenses, we have seen the emergence of three new types of security technologies: security orchestration, robotic automation, and intelligent automation.
• Security orchestration helps centralize information and control. It provides Security Operations Center (SOC) teams with a control panel for multiple security tools, and it automates some basic coordination between tools.
• Robotic automation automates the performance of routine, low-complexity tasks, such as closing ports, adding IP addresses to a blacklist, and so on.
• Cognitive automation accelerates threat analysis, threat detection, and SOC decision-making. Compared to robotic automation, cognitive automation applies machine learning techniques that are far more sophisticated and adaptive. Its results can dramatically transform SOC operations.
All these technologies generally build upon SIEMs and make some kind of valuable contribution to the SOC. But if organizations want to really reduce improve both efficiency and efficacy of their security operations, they need to seriously consider focusing their efforts on intelligent automation.