Connect with us

Hi, what are you looking for?


Artificial Intelligence

Now’s the Time for a Pragmatic Approach to New Technology Adoption

What a cloud migration strategy did for cloud adoption, an automation implementation strategy does for security automation adoption.

To say there’s been a lot of hype around AI lately would be an understatement. We’ve all seen headlines touting how AI could change the future of work – even the entire course of history. And we shouldn’t be surprised to see AI live up to its billing, eventually. But for AI to have a positive impact on organizations more quickly than any technology innovation to date, we need to learn from the past.

For those of us who have been in technology for a while, particularly as it applies to enterprise environments, let’s remember that “technology for technology’s sake” is merely interesting. It becomes meaningful and, yes, even life-changing when it is approached pragmatically and used to solve specific problems.

Seeing the value for the clouds

An early example that comes to mind is the cloud. A decade into the establishment of cloud computing services, multiple studies showed that most organizations were only at the pilot phase or using the cloud for noncritical applications. Corporate IT and security personnel were afraid of having infrastructure and data outside of their control. The stakes were high and the complexity and challenges to move forward with confidence seemed daunting, particularly as these were early days and few companies had specific cloud migration strategies in place.

Ultimately, people realized the benefits and efficiencies of the cloud were necessary for scale and agility and security guidelines and assurances continued to evolve. So, the discussion turned from “if” to “how” and talk of the cloud turned into implementation plans and action. Today, multi-cloud strategies are the norm. But that took a lot of time and lessons learned about how we need approach new technologies to gain traction.

Understanding the how of security automation

Now, we’re in the midst of another major technological trend also discussed for years – security automation. In the past, organizations have been held back by lack of expertise or fear of being burned when an automation doesn’t work as intended, so initiatives were shelved. However, just as the cloud took time to evolve, a recent survey found that trust in security automation is rising, but barriers to adoption remain. We’re reminded that to move the needle on new technology adoption we need to focus on the problem we want to solve. Only then can we put a solid implementation plan in place. A pragmatic approach to automation involves the following steps:

Advertisement. Scroll to continue reading.
  • Identify the use cases you want to address with automation.
  • Define a small scope that is not too unwieldy so that you can break automation down into smaller chunks.
  • Apply automation at this atomic level, resisting the natural human tendency to make it overly complex.  
  • Test and gain confidence in this basic use case and then build to expand automation to extend into other use cases.

A good starting point could be contextualization of data which in and of itself provides significant value. You can automatically augment and enrich internal data with threat data from the multiple sources you subscribe to – commercial, open source, government, industry, existing security vendors – as well as frameworks like MITRE ATT&CK. Combining and correlating internal and external data gives you context to understand what is relevant for your organization. Then, you can build on that contextualized data to expand your implementation of security automation, adding discrete tasks based on triggers and thresholds you set and defined by the use cases you select, such as spear phishing, event triage, threat hunting and incident response.  

What a cloud migration strategy did for cloud adoption, an automation implementation strategy does for security automation adoption. It provides a framework to help organizations get from here to there in a methodical way. Instead of attempting to tackle automating an entire process all at once, it helps us focus on automating activities and specific actions to avoid the complexity and can gain meaningful value quickly.

Here comes AI

Very soon we’ll be faced with a similar scenario with respect to AI adoption. The expectations for the technology and the urgency to adopt it are higher than we’ve ever seen before. I believe we now know how to be specific and pragmatic in our implementation approach to new technology to realize value. Sure, there’s still a lot we don’t fully understand about this new frontier. But the future is bright when you have exciting opportunities in front of you and a path to get there.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...