How to Bring the Power of No-Code Security Automation to Your Team in 2022
Almost three quarters of SOC analysts feel “very or somewhat burned out” at work. More than six in ten said they want to leave their job “in the next year.” In this Expert Insight, Tines CEO Eoin Hinchy (@eoinhinchy) says no-code automation provides a way for companies to end the burnout and create higher engagement, with less turnover.
As a SecOps team leader, you’re probably well aware of the two big issues hindering security teams today: too much work and not enough staff. Or rather, too much mundane, monotonous work that’s causing burnout and keeping analysts from spending their time on higher-value tasks that can further their organization’s security efforts.
The solution? No-code automation.
You may have heard the term no-code automation, but what is it really? Today’s frontline analysts have to deal with increasingly complex workflows. In order to automate phishing attack responses, threat intelligence enrichment, or suspicious login investigations, some kind of script has to be involved, right?
No-code automation is just that — no need for coding — and no-code platforms allow users to drag and drop actions into a workflow, wire them together, set some parameters, and let them run. Robust no-code platforms include the right building blocks to allow analysts to create complex automations, and the ability to iterate immediately on what they’ve created.
Most of all, no-code automation allows frontline analysts to automate these tasks themselves: no need to get developers involved. Automation also frees up analysts to focus on more high-impact tasks, like improving the organization’s security posture, training others on security awareness, and deploying new technologies.
In our recent report on the “Voice of the SOC Analyst,” we found that 71% of analysts feel very or somewhat burned out at work and that 64% want to leave their job in the next year. Additionally, a report by SIRP finds that 34% of analysts say their work/life balance has gotten worse and 42% say the pressure at work has intensified. Adopting no-code automation is one way to achieve higher engagement, less burnout, and less turnover.
Security leaders looking to reduce barriers, streamline their processes, shorten their time to value, and have a happier, more engaged workforce should look to bring no-code automation to their teams in 2022. What follows is how to do that.
Five Steps to Adoption
Now that you’ve seen that no-code automation is the next step to maximizing your efficiency and improving your security team, here are the steps to follow for getting up and running and making the most of your new platform.
Step 1: Evaluate your options
As you begin searching for the right platform, look for vendors who have experience in solving your specific use cases. For example, if you spend most of your time following up on suspicious logins, and they don’t make any mention of how to automate for that use case, take a look elsewhere.
Additionally, ask how the platform integrates with your in-house APIs. Legacy automation platforms typically feature pre-built integrations, but only for a small number of popular tools. Seek out a platform that has the ability to integrate with all of your organization’s tools, no matter how niche or custom they may be.
Step 2: Run a POC process
When it comes time to demo, don’t pick a simplified workflow; ask the vendor to run a more complex one that more closely mimics the types of tasks you’ll automate in the future — and a good vendor will be excited by the challenge!
Platforms should be robust enough to automate complex, lengthy workflows, yet many of the automation platforms that sell themselves as “powerful” have surprisingly low operational limits. If at some point the ‘no-code’ platform suddenly involves code, that is a red flag: move on.
Step 3: Purchase the best tool for the best price
As you explore options, consider the pricing model (e.g., data ingestion or storage rates) and not just the price tag to get started. And be sure to ask how pricing will change as usage increases, as many security vendors make their pricing opaque.
Committing to no-code automation means scaling the number, size, and throughput of workflows, and with increased usage you need to know what to expect to pay. You want a model that will encourage as many team members as possible to be involved, without worrying about hitting a data cap or a user license limit.
Step 4: Build workflows iteratively
Once you have your no-code automation platform up and running, the best approach is to start small with prototypes and MVPs, and then keep evolving the complexity.
Deploy the simplest usable version to production first, and then expand workflows little by little to cover edge and corner cases. This also allows analysts to become more creative with their automation, building more sophisticated processes as they go.
Step 5: Deployment is only the beginning
Because of the ease of use of no-code automation, analysts can keep maintaining and evolving workflows in production, iterating on them as their company’s processes and threats continuously change. One thing to remember is not to price the maintenance of automation at zero. Even if a workflow is built flawlessly the first time around — which is rare — external context will always change, necessitating future iteration.
The Next Step is No-Code
(*) Disclosure: This article was sponsored by Tines. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.