Automation. Where do We Go from Here?
What’s next in the evolution of security automation and orchestration?
Over the past 20 years we’ve seen significant improvements in cybersecurity technology and tools. For example, new versions of intrusion prevention systems and firewalls were introduced using terminology like “next-generation”, which I’m not a fan of because it borders on hype. (What is after next-generation? Next-next? But I digress…) Regardless, ultimately, important revisions and upgrades were made that helped security teams improve threat detection and prevention.
Unique capabilities also emerged like automation and orchestration that became the focus of new categories like security orchestration, automation and response (SOAR) platforms which quickly proved their value by improving the throughput of analyst work. As SOAR platforms grew in popularity, vendors of related cybersecurity product categories began to envision how automation and orchestration could also be applied to their area of focus. Soon, a technology that began as a unique capability of SOAR, evolved to become a core feature in many other categories. SIEM providers acquired stand-alone SOAR platforms, and endpoint detection and response (EDR) and extended detection and response (XDR) solutions broadened to include automation and orchestration capabilities. What’s next in the evolution of automation and orchestration?