Based on numerous conversations with CISOs, I've learned there is widespread interest in automating and orchestrating security operations. In fact, lots of enterprises are already doing so. According to ESG research, 19 percent of enterprise organizations have already deployed security operations automation/orchestration technologies “extensively,” while another 39 percent of enterprises have done so on a limited basis.
Now, we tend to lump automation and orchestration together, but there are vast differences between the two. In a recent survey on security operations, ESG defined the terms:
Automation refers to using technology to automate some type of security operations task. For example, an organization could create remediation rules by using indicators of compromise (IoCs) found in threat intelligence to generate rules for automatically blocking malicious IP addresses, web domains, and URLs. Typically, automation refers to a single process or task.
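As a concrete illustration of the single-task automation described above, here is an added example (not code from the article or from ESG) that turns a threat-intelligence feed of IoCs into block rules for three enforcement points: an nftables IP set, a DNS response policy zone (RPZ) for domains, and a proxy URL blocklist. The feed format, the nftables table and set names (`inet filter` / `blocked_ips`), and the sample indicators are all assumptions; the indicators are constructed, not real. The part a practitioner would most want to see is the validation step: malformed entries are rejected, duplicates are collapsed, low-confidence indicators are held back, and addresses in the organization's own ranges are never turned into rules, so a poisoned or careless feed cannot make the automation block internal hosts.

```python
"""Turn a threat-intelligence IoC feed into block rules for three enforcement
points: an nftables IP set, a DNS response policy zone (RPZ), and a proxy URL
blocklist. Illustrative code; the feed, table/set names and zone are assumed."""
import ipaddress
import json
import re
from urllib.parse import urlparse

# Constructed sample feed (not real IoCs; 203.0.113.0/24 is the RFC 5737
# documentation range standing in for a public address).
SAMPLE_FEED = json.dumps([
    {"type": "ipv4", "value": "203.0.113.42", "confidence": 90},
    {"type": "ipv4", "value": "203.0.113.42", "confidence": 75},      # duplicate
    {"type": "ipv4", "value": "10.0.0.5", "confidence": 95},          # internal address
    {"type": "ipv4", "value": "999.1.1.1", "confidence": 80},         # malformed
    {"type": "domain", "value": "Malicious.Example.", "confidence": 85},
    {"type": "domain", "value": "lowconf.example", "confidence": 30},  # below threshold
    {"type": "url", "value": "http://bad.example/payload.exe", "confidence": 88},
    {"type": "url", "value": "not a url", "confidence": 88},          # malformed
])

MIN_CONFIDENCE = 60  # assumed policy threshold; tune per feed

# Networks the organization owns or that must never be blocked, so that a
# poisoned or careless feed cannot turn the firewall against our own hosts.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Hostname syntax: labels of letters, digits and hyphens, alphabetic TLD.
DOMAIN_RE = re.compile(r"^(?!-)(?:[a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$")


def normalise_ip(value):
    """Return the canonical address string, or None if invalid or protected."""
    try:
        addr = ipaddress.ip_address(value.strip())
    except ValueError:
        return None
    if any(addr in net for net in NEVER_BLOCK):
        return None
    return str(addr)


def normalise_domain(value):
    """Lower-case, strip a trailing dot, and check the syntax."""
    name = value.strip().lower().rstrip(".")
    return name if DOMAIN_RE.match(name) else None


def normalise_url(value):
    """Accept only absolute http(s) URLs whose host is a valid domain or IP."""
    parts = urlparse(value.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname
    if normalise_domain(host) is None and normalise_ip(host) is None:
        return None
    return parts.geturl()


NORMALISERS = {"ipv4": normalise_ip, "ipv6": normalise_ip,
               "domain": normalise_domain, "url": normalise_url}


def generate_rules(feed_json, min_confidence=MIN_CONFIDENCE):
    """Parse the feed and emit one rule per unique, valid, confident IoC.

    Returns a dict with rule lines per enforcement point plus the list of
    rejected indicators and why, which is what an analyst reviews later."""
    seen = set()
    out = {"nft": [], "rpz": [], "url": [], "rejected": []}
    for ioc in json.loads(feed_json):
        kind, raw = ioc.get("type"), str(ioc.get("value", ""))
        if ioc.get("confidence", 0) < min_confidence:
            out["rejected"].append((raw, "low confidence"))
            continue
        norm = NORMALISERS.get(kind)
        value = norm(raw) if norm else None
        if value is None:
            out["rejected"].append((raw, "invalid or protected"))
            continue
        if (kind, value) in seen:      # collapse duplicates across feed entries
            continue
        seen.add((kind, value))
        if kind in ("ipv4", "ipv6"):
            # Assumes table 'inet filter' with a set 'blocked_ips' already exists.
            out["nft"].append(f"add element inet filter blocked_ips {{ {value} }}")
        elif kind == "domain":
            # RPZ: CNAME to '.' makes the resolver answer NXDOMAIN for the
            # name and, with the wildcard record, for all of its subdomains.
            out["rpz"].append(f"{value} CNAME .")
            out["rpz"].append(f"*.{value} CNAME .")
        elif kind == "url":
            out["url"].append(value)   # one line per URL for a proxy blocklist
    return out


if __name__ == "__main__":
    rules = generate_rules(SAMPLE_FEED)
    for section, lines in rules.items():
        print(f"== {section} ==")
        for line in lines:
            print(line)
```

Run as a script it prints the generated rule lines per enforcement point, followed by the rejected indicators with the reason each was dropped. The rejected list is deliberately part of the output: an automated blocking task should leave an auditable record of what it declined to do, and the protected-network check is the safeguard that keeps a feed error from becoming a self-inflicted outage.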