For many years, incident response automation has been seen as a panacea that removes much of the manual labour involved in responding to a security incident. Tasks suited to automation are those for which the outcome is defined and relatively certain, such as deploying antivirus defences, authentication controls, automated patching and firewall management. However, cybersecurity involves a significant amount of uncertainty, which requires the response to a situation to be dynamic and agile. Orchestration provides the answer to this: it uses automation where possible, complementing it with human coordination where necessary to achieve the desired result.
Author/s: Fran Howarth