Why Manual Processes Become Security Risks
While many organizations invest in detecting security issues, we regularly hear about companies being breached. Security teams fight the battle against cyber threats, and CISOs still struggle to answer the question: “Is my security posture improving or deteriorating?” Why is this happening?
A new study by Enterprise Strategy Group (ESG) shines light on this issue. Nearly 75% of those surveyed said that incident response tends to be based upon informal processes. And 93% of respondents say that their incident response effectiveness and efficiency is limited by the burden of manual processes. See the full report here.
Security teams are inundated with alerts from multiple sources. They’re using emails, spreadsheets, and phone calls for cross-team handoffs and siloed security products.
With such practices in place, it’s no wonder that it takes enterprises an average of 206 days to spot a breach and an average of 69 days to contain it, according to the Ponemon Institute. And it’s not improving. Of those surveyed by ESG, 61% believe that incident response has become more difficult over the past two years.
This story must sound familiar to IT teams who live it every day. We’ve seen that unstructured work drains productivity and keeps us on that treadmill.
In the case of security, using manual tools and processes not only hinders a team’s ability to find issues and solve them quickly, but also becomes a risk. Time to containment is key to reducing the cost and impact of a breach, which can improve a firm’s security posture.
In addition, the survey showed that the unhealthy reliance on manual tasks likely aggravates the divide between IT and Security teams. The two groups are often disconnected and their goals unaligned. Fixing most security incidents or threats requires collaboration between these teams.
Security Operations: A Holistic View
Buying more software to detect potential threats won’t bridge this gap. In fact, as my colleague Dave Wright often says, buying new software without revamping the process behind it, is like getting a shiny, new chassis and hitching up a team of horses in front. Gets you nowhere fast.
That’s where our new Security Operations offering comes in. We’ve extended our expertise in workflow, automation and orchestration to security. For the first time ever, there’s software that fundamentally transforms the process for security response.
Security Operations helps customers move to a centralized response process for incident response and vulnerability response via a single platform, giving a clear, fact-based view into security posture.
Today’s news is a first step. It’s our intent to not only modernize incident response but aid customers in the incident investigation process with more context and threat data down the road. We’ll apply our automation and orchestration to help customers respond faster — and even automatically.
This furthers ServiceNow’s guiding mission to apply a service orientation to all work tasks – HR, IT, facilities and now security.