You might think that 3+ decades into the life of dedicated IT security products that said security landscape would be clearly defined and managed.
In reality, it is anything but. The problem is not so much the security landscape but the threat landscape; it is ever-changing, increasingly complex, and smart. Very smart. The result is that IT/Secops go into “throw anything and everything at it” panic mode – an approach that merely makes it that much harder to manage your security infrastructure and, as a result, makes your business that much more vulnerable. In other words, endless spend on security is self-defeating; the result is that only a small percentage of the security real estate is actually in use at any time and is anything but optimised, as observed by Gartner and others. It doesn’t help that, each year, thousands of security start-ups tell you that their new gizmo is the latest “must have”. Often it’s not clear what any of those given security products actually do and it’s even less clear if they are actually necessary.
Not sounding good, is it So, let’s get back to basics here – how about making what you already have work better? To do that requires introducing the dreaded “A” word – automation. It’s really quite simple: how can you have a secure threat defence if every aspect of your security strategy isn’t tightly integrated – full of holes, in other words and easily breached? Now, in terms of IT buzzwords, automation is right up there with orchestration, AI and machine-learning 😊 It’s up there for good reason – to date, it hasn’t been thought through and developed in a true end-to-end way. Only automating part of the security real estate is not a solution. That’s like a self-driving 4-wheel drive car, where only the front wheels have been programmed – it won’t work, and it is downright dangerous as a result… This can be likened to the first generation SOAR (Security Orchestration Automation and Response) products, which may have attracted early adopters to “jump on the bandwagon” but the problem is, these first generations products are NOT THE solution to securing this ever-increasingly complex threat landscape.
The good news (there is some, at last!) is that I’ve been speaking with a vendor who has grasped that security automation needs to be a dedicated, organisation-wide deployment, not a subsection owned by the SOC, and that company is Swimlane. I’ll be taking a deeper dive into the Swimlane tech in the very near future, so watch this space for links to the report, but initial impressions suggest that Swimlane’s 100% focus on creating an automation and orchestration platform (rather than it being a lukewarm by-product of a broader offering, as we’ve seen all too often to date) both provides the means to fully automate – thereby additionally removing the human error element – and is future-proofed, the two fundamentals of a successful security strategy.
Speaking of the human element, Swimlane’s low-code approach to automation appears to be wholly original, and makes automation an accessible reality for virtually any level of security skillset, not only highly-trained developers or tech guys with decades of experience beneath their belts. So, what exactly is low-code security automation? For starters, it is very use case driven – not a solution looking for a problem – and can be as simple as a drag ‘n’ drop data entry deployment. It has been designed to maintain inherent simplicity, regardless of the actual complexity of the use case itself. So, use cases build into comprehensive libraries of automation and – yes – it’s cloud-based, so it’s easy to access. The idea is that every element of integration can be achieved, being workflow and technology agnostic, hence the “organisation-wide” aspect and using the same features and functionality – it is a true platform, not a toolkit with a few vital spanners missing… It also means that the IT teams become more efficient, rather than continuing down the lines of panic recruitment – and the inevitable high turnover of staff that approach leads to, along with the turmoil it creates.
A quick glance at the platform shows it to be very visual and visibility oriented; we’re not talking screens of endless integration code and no support documentation. This approach can enable fast and accurate integration, true continuity and the benefits, therefor, of speed and ease of problem resolution. So, the premise is certainly most promising – and much needed. And what’s better than a promising premise?
In the next blog I’ll give an overview of the Swimlane offering, before making that deep dive but, meantime, it looks like – after decades of promises – automation is really here at last! In the words of Leonard Cohen (RIP) “Hallelujah”.