Ellis Research Institute

Automation is becoming a ubiquitous component of modern security analysis. Acting as an extension of the analyst, automation increases the overall potential for review and therefore, the benefits of automation cannot be ignored. The size of security-related data sets are constantly growing, while incident mitigation time-lines steady fall – leaving little room for conducting analysis at the “speed of humans.” Automation and custom-developed tools are a critical part of addressing these time-line concerns as well as the other issues that arise from large-scale analysis. Producing and supporting these new tools, processes or capabilities introduces additional complexity and potential for error that must also be considered for automation to be considered successful. With benefits, concerns, and mitigations in mind security teams can identify new and valuable places to focus research and development on automated capabilities.