Towards the end of last year, I spoke about a vendor, Swimlane, who appeared to be getting the concept of automation and orchestration absolutely on the money – and in the area where it is most needed, that of security.
Nothing is more insecure than a badly designed and managed security strategy: thinking you’re safe when there are actually more gaping holes than in a Swiss cheese, or indeed a Boris Johnson statement. But humans do make errors, which is why automation is needed. With that in mind, my resulting hands-on analysis of the Swimlane technology was very timely.
The full report can be found here: https://www.swimlane.com/resources/low-code-security-automation-report but here’s a summary of what you can expect to find. Firstly, it’s worth noting that the primary reason why automation and orchestration have been mooted for decades but not delivered on is the complexity involved, regardless of how AI and ML have developed (or not) over that period. Swimlane has therefore developed a methodology it calls low-code automation, addressing the fundamental issue of complexity and thereby making it genuinely deliverable. It’s also a platform designed to work with third-party products and services, the complete opposite of a lock-in vendor technology, meaning it is designed for the ongoing purpose of fully automating and orchestrating a security infrastructure, including operations beyond the SOC, regardless of the vendors making up that infrastructure.
All this core simplicity would be for nothing if, in day-to-day use, the product proved to be difficult to manage. But it isn’t. There are no screens of endless integration code with no supporting documentation; instead, it’s all very visual and intuitive – dashboards, classic drill-down approaches to extracting more detail, and a wide range of report and alerting options. Nothing in the platform is alien, even to a relatively new recruit to the world of IT and security administration.
So, is Swimlane the answer to the conundrum of making complex security deployments actually manageable and easily deployed – and on an ongoing basis at that? In a word, yes. Moreover, the use cases are effectively infinite, but check out the report anyway to see some core cases highlighted, including resolving a classic phishing attack and threat intelligence feed analysis. The core takeaway here is simple – in the event of a potential breach, Swimlane hugely reduced the time to remediation compared with a manual or even a semi-automated approach. Put simply, it works!