
The Non-Trend of Full Automation Workflows in Cybersecurity: A Reality Check


In recent years, the cybersecurity landscape has seen a significant shift towards automation. Initially, the focus was on detecting and eliminating malicious activities to prevent future breaches. However, as cyber threats became more complex and targeted, organizations quickly realized that a binary approach to cybersecurity was no longer sufficient. With data breaches costing an average of $4.45 million in 2023, the demand for more nuanced solutions led to the emergence of Security Orchestration, Automation, and Response (SOAR) platforms. These platforms aimed to streamline incident response processes by automating tasks based on various inputs such as logs, events, and alerts, revolutionizing the traditional manual processes of Security Operations Centers (SOCs) and risk teams.

The adoption of SOAR technology by Managed Security Service Providers (MSSPs) and Managed Detection and Response (MDR) services marked a major milestone in scaling their offerings. However, as the market expanded, it became clear that complete automation was not always in alignment with customer needs. The lack of trust in fully automated systems to make critical decisions without human oversight became a major concern. Additionally, questions of accountability in the event of mistakes made by automated systems arose, leading to uncertainty about who would be held responsible – the vendor, the security team, or the developer.

Implementing SOAR solutions came with its own set of complexities, as organizations needed to continuously adjust these systems to keep up with the evolving cyber landscape. As new partners and security solutions were introduced, the threat landscape expanded, requiring automation to adapt accordingly. This raised the question of how organizations could maintain an up-to-date security posture without complete insight into their business environment.

To address the skepticism towards full automation, a new market emerged that emphasized security solutions capable of identifying gaps beyond simple log analysis. Modern expectations now include automation driven by machine learning, offering not just predefined playbooks but also the flexibility for customers to interact directly with the remediation process. This approach blends automated efficiency with human judgment, allowing security analysts to navigate effectively.

The distinction between “automated remediation” and “automatic remediation” has become crucial in understanding market dynamics. Customers are now seeking solutions that provide the framework for automation while allowing space for human intervention and decision-making. The demand for open systems accessible via API underscores a desire for flexibility and control over automated processes.

The narrative surrounding full automation in cybersecurity has often been idealized, portraying a self-sufficient system capable of managing security threats without human intervention. However, the importance of trust in technology cannot be overlooked. Trust must be earned through transparency, reliability, and the ability to intervene when necessary. Moving forward, the challenge for vendors and cybersecurity professionals will be to refine technologies to be effective, efficient, trustworthy, and adaptable to meet the evolving needs of organizations and the threats they face.

Oren Koren, the Co-Founder and Chief Product Officer of Veriti, brings 19 years of experience in cybersecurity, advanced threat analysis, and product management. With a background in innovative cybersecurity projects and research, Oren has a deep understanding of the evolving cybersecurity landscape. As organizations navigate the complexities of automation in cybersecurity, the need for human judgment and intervention remains a crucial aspect of building trust in these technologies.
