Thu | Mar 3, 2022 | 4:11 AM PST

In my 15 years as a security practitioner leading security teams, I consistently saw overworked analysts so consumed with tedious, repetitive tasks that it not only kept them from focusing on higher-impact projects that could benefit the organization but also led to burnout. And burnout leads to churn.

Because of this, I saw automation as a friend to the SOC, not an enemy, and made it a priority to build automation that would help security analysts, not replace them. Here are three reasons why analysts shouldn't fear automation, and why automation is a must-have for SOC teams.

3 reasons why analysts should not fear automation

If you're uncertain about automation, you're not alone. In our recent report, "Voice of the SOC Analyst," we found that 69% of analysts fear automation will eliminate their job. However, there's a different way of looking at automation that demonstrates its benefits for the SOC.

History tells the story

People who hear the word "automation" commonly fear that robots are taking their jobs, along with their ability to put food on the table, pay rent, and find new work. But automation was never intended to eliminate jobs; it was intended to transform and improve them. Take the U.S. economy as a whole: Despite there being more technology and automation than ever across all sectors, unemployment is at a 50-year low, and income and productivity are higher than ever.

It's similar in security automation. Once analysts are given the superpower of automation, they first replace the tedious and mundane manual tasks that bog them down each day. They then go on to build entirely new processes, creating more efficiencies and more value for their team.

There's a lack of talent

Right now, there's a lack of talent coming through the security pipeline. Over the past eight years, the number of vacant cybersecurity jobs grew 350%, with 3.5 million open in 2021, according to Cybersecurity Ventures. This leaves teams understaffed and stretched thin, as we saw from responses in the report.

Automation can help with understaffed teams in two ways. First, automating lower-level tasks can take a lot of work off of stretched-thin analysts, freeing up hours of time. For example, Critical Start found that 70% of analysts investigate 10 or more alerts each day, with each alert taking 10 minutes or more to investigate—nearly two hours per day of simply investigating alerts.

Second, this freed-up time allows analysts to spend more time on higher-impact tasks, using their skills and training to proactively build up their organization's security posture and play a more valuable role in it.

Automation is for you

As more teams recognize the benefits of no-code automation, it will become a core competency of security analysts. Of course, automating a workflow isn't a one-and-done task. It still involves creativity in building the workflows over time, expanding them to cover several operations, and updating them as needed. Our customers typically automate an average of 20 workflows in their first year.

Knowing how to build and expand no-code workflows, as well as knowing how to maintain them and update them as organizational needs change, is a skill that brings a lot of value to the SOC, which ultimately brings value to the organization.

Why no-code automation is a must-have for the SOC team

No-code automation isn't just a valuable tool for analysts; it can positively impact your SOC team, as well, in the following ways.

Retention: In our report, we uncovered that while analysts are generally satisfied with their jobs, 71% are suffering some level of burnout, and 64% plan to look for a new job in the next year. Their biggest frustration? Spending their time on tedious manual tasks.

Implementing no-code automation and giving your analysts the ability to start automating their tasks today, without having to know how to code, means increasing engagement, satisfaction, and happiness—and increasing retention.

High-impact activities: If analysts could automate their manual tasks, they said the top three activities they would focus on would be updating operational documentation, developing advanced detection rules, and integrating more systems and logs. Having tasks automated would allow them to get their SOC team's documentation up to date, and allow them to focus on activities related to shoring up their organization's security, such as developing better detection approaches and becoming more educated on threats.

Stitch together your security stacks: The security stack is being unbundled, and organizations are abandoning "big box shops" for best-in-breed tools that address specific needs in more flexible and scalable ways. The problem is that there is often fragmentation across tools. However, a no-code automation platform can become the one place that stitches all the tools together across workflows.

Stay competitive: As software continues to "eat the world," more teams will fight over a small number of engineers, as well as experience an expanding set of new technology threats. The key way for security teams to keep pace and stay competitive will be through no-code automation, which can increase productivity and empower teams quickly.

Learning to love no-code automation

SOC teams that view automation as a tool to help analysts be more efficient, and more empowered in their work, will give security analysts the ability and freedom to do their best work in the future.
