I was listening to an a16z podcast recently on Automation, Jobs & the Future of Work. They explored the notion of automation vs. augmentation on the session. It’s a contrast that I’ve also pondered when thinking about security orchestration.
Automation and orchestration is a promising new category in security. As often happens, vendors are quick to take advantage of the ambiguity that sometimes exists when new technologies are introduced. It’s common to see companies reposition their products as being perfectly suited for whatever happens to be the popular, new technology. Unfortunately, this is the case for automation and orchestration.
One area where this has been pronounced is with vendors who offer products designed for workflow or ticket management. While these systems can help to speed incident response time, they fall short of full-fledged automation and orchestration platforms mainly due to the lack of decision making support.
The a16z podcast explores this concept as well, though in a broader sense. Automation began as a way to protect humans from the risk of dangerous work, and then gradually evolved to include monotonous work too. Now we’re on the cusp of the “third wave” of automation which is allowing machines to make decisions.
In my opinion, this is one of the key differences between augmentation and automation. While augmentation aims to make the analyst’s job easier with workflow and other tools to manage an incident, automation actually allows the analyst to work “out of the loop” where incidents are handled without their direct engagement unless there are exceptions to manage.
VP, Products & Marketing
Phantom automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger; Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit: www.phantom.us.