We’re starting a series on the blog to explore Security Automation & Orchestration as a new technology. Comments will be enabled on this series as we’re hoping to see participation from the community.
When considering the series, we were reminded of the story about the blind men and the elephant. In this fable, each man touches the elephant and describes his experience. They all touch a different part, but only one part, such as the side or the tusk. When the men compare notes, they are in complete disagreement despite having all touched the same elephant.
New technologies can often seem like the elephant. When a category emerges, it’s common for vendors to position themselves to benefit. In doing so, they often “describe the elephant” differently depending on their experience.
In some versions of the parable, the men learn to collaborate and share their perspectives. This allows them to “see” the full elephant. We’d like to use this series on Security Automation & Orchestration similarly: as a tool for collaboration.
We’ll make suggestions to describe a Security Automation & Orchestration platform, but rely on input from the community to refine it. In the end, we’ll all gain a better understanding of this new technology.
For today’s post, we’d like to share a summary list of key characteristics for Security Automation & Orchestration:
- Purpose-built for Security
- Vendor Agnostic
- Community Driven
- Extensible, Open Architecture
- Decision Making Support
- Automatic Ingestion & Enrichment of Data
- Automatic Action & Remediation
In subsequent posts, we’ll elaborate on each of these characteristics and solicit input from the community. For now, we’d like to hear your impressions of the list.
- Would you add others?
- Any that you would remove?
- Which seem the most uncertain or confusing?