To say there’s been a lot of hype around AI lately would be an understatement. We’ve all seen headlines touting how AI could change the future of work – even the entire course of history. And we shouldn’t be surprised to see AI live up to its billing, eventually. But for AI to have a positive impact on organizations more quickly than any technology innovation to date, we need to learn from the past.
For those of us who have been in technology for a while, particularly as it applies to enterprise environments, let’s remember that “technology for technology’s sake” is merely interesting. It becomes meaningful and, yes, even life-changing when it is approached pragmatically and used to solve specific problems.
Seeing the value for the clouds
An early example that comes to mind is the cloud. A decade into the establishment of cloud computing services, multiple studies showed that most organizations were only at the pilot phase or using the cloud for noncritical applications. Corporate IT and security personnel were afraid of having infrastructure and data outside of their control. The stakes were high and the complexity and challenges to move forward with confidence seemed daunting, particularly as these were early days and few companies had specific cloud migration strategies in place.
Ultimately, people realized the benefits and efficiencies of the cloud were necessary for scale and agility and security guidelines and assurances continued to evolve. So, the discussion turned from “if” to “how” and talk of the cloud turned into implementation plans and action. Today, multi-cloud strategies are the norm. But that took a lot of time and lessons learned about how we need approach new technologies to gain traction.
Understanding the how of security automation
Now, we’re in the midst of another major technological trend also discussed for years – security automation. In the past, organizations have been held back by lack of expertise or fear of being burned when an automation doesn’t work as intended, so initiatives were shelved. However, just as the cloud took time to evolve, a recent survey found that trust in security automation is rising, but barriers to adoption remain. We’re reminded that to move the needle on new technology adoption we need to focus on the problem we want to solve. Only then can we put a solid implementation plan in place. A pragmatic approach to automation involves the following steps:
- Identify the use cases you want to address with automation.
- Define a small scope that is not too unwieldy so that you can break automation down into smaller chunks.
- Apply automation at this atomic level, resisting the natural human tendency to make it overly complex.
- Test and gain confidence in this basic use case and then build to expand automation to extend into other use cases.
A good starting point could be contextualization of data which in and of itself provides significant value. You can automatically augment and enrich internal data with threat data from the multiple sources you subscribe to – commercial, open source, government, industry, existing security vendors – as well as frameworks like MITRE ATT&CK. Combining and correlating internal and external data gives you context to understand what is relevant for your organization. Then, you can build on that contextualized data to expand your implementation of security automation, adding discrete tasks based on triggers and thresholds you set and defined by the use cases you select, such as spear phishing, event triage, threat hunting and incident response.
What a cloud migration strategy did for cloud adoption, an automation implementation strategy does for security automation adoption. It provides a framework to help organizations get from here to there in a methodical way. Instead of attempting to tackle automating an entire process all at once, it helps us focus on automating activities and specific actions to avoid the complexity and can gain meaningful value quickly.
Here comes AI
Very soon we’ll be faced with a similar scenario with respect to AI adoption. The expectations for the technology and the urgency to adopt it are higher than we’ve ever seen before. I believe we now know how to be specific and pragmatic in our implementation approach to new technology to realize value. Sure, there’s still a lot we don’t fully understand about this new frontier. But the future is bright when you have exciting opportunities in front of you and a path to get there.
