The Automation Engine

This entry is part of a series that outlines key criteria to consider when evaluating Security Automation & Orchestration (SA&O) platforms. This entry focuses on the automation engine, one of eight core components of an SA&O platform.

Like the orchestrator component we explored in the first entry of this series, the automation engine component is another critical area when evaluating an SA&O platform.

There are three definitions that will add context for understanding automation engine criteria. Security automation is defined as “the machine-based execution of individual security actions.” A security action is a discrete, individual analyst function that is usually performed manually. It is the automation engine component of an SA&O platform that executes these individual security actions.

With these definitions in mind, here are two important criteria to consider:


It is important to understand how the automation engine will scale to meet performance demands. Scaling here can mean both vertical scaling (e.g., increasing CPU and RAM resources) and horizontal scaling (e.g., increasing server instances). It’s natural to expect that an organization will automate more use cases over time. Each additional use case, however, places additional processing load on the automation engine. So it becomes important to protect the automation Return on Investment (ROI) by increasing the automation capacity of the platform.


Threats evolve quickly, so security technologies have to evolve in lockstep to maintain the effectiveness of an organization’s defenses. As technologies become available, the architecture of the automation engine should support adding new security actions that are able to take advantage of them. Moreover, the engine should support these new security actions without major re-engineering.

Learn More

This blog entry has touched on the two most important automation engine criteria to consider when evaluating SA&O platforms. There are many more criteria to consider, but these two will help you gauge your long-term success with a potential selection.

We invite you to learn more about this and other components by downloading the Phantom white paper A Buyer’s Guide to Security Automation and Orchestration Platforms. The guide explores key components, attributes, and considerations that you should evaluate as you compare SA&O platforms.


Chris Simmons
Director, Product Marketing