ELI5: What is Automation?
You know how a dishwasher washes all the dishes while you go play? Automation lets computers handle boring, repetitive security tasks on their own so people can focus on the hard stuff.
Definition
In security operations, automation refers to the use of technology to execute repetitive, rule-based security tasks without manual human intervention. Automation is a core component of SOAR platforms and allows security teams to handle higher alert volumes with the same or fewer staff by programmatically performing tasks like alert enrichment, threat containment, and routine incident handling.
Key Details
- Common automated tasks: alert enrichment with threat intel, IP blocking, account disabling, ticket creation
- Reduces alert fatigue by handling low-complexity, high-volume alerts automatically
- Requires carefully defined logic — automation of incorrect processes amplifies mistakes
- Works best for well-understood, repeatable scenarios with clear decision criteria
- Complements human analysis — complex or ambiguous situations still require analyst judgment
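The points above, as an added example that is not part of the original entry: a toy SOAR-style playbook that enriches an alert with a constructed threat-intel table (an assumption, not real indicators), auto-contains only when the decision criteria are clear, and routes the ambiguous middle to an analyst ticket rather than acting on it. Action strings stand in for real connector calls.

```python
from dataclasses import dataclass, field

# Constructed threat-intel table standing in for a live feed (assumption; not real IoCs).
THREAT_INTEL = {
    "203.0.113.7": {"score": 95, "tags": ["c2"]},
    "198.51.100.20": {"score": 45, "tags": ["scanner"]},
}

# Decision thresholds: only high-confidence, well-understood cases are auto-contained;
# the grey zone is ticketed for analyst judgment instead of acted on blindly.
AUTO_CONTAIN_SCORE = 90
REVIEW_SCORE = 30


@dataclass
class Alert:
    alert_id: str
    src_ip: str
    user: str
    rule: str


@dataclass
class Outcome:
    enrichment: dict
    actions: list = field(default_factory=list)
    needs_analyst: bool = False


def enrich(alert):
    """Enrichment step: attach threat-intel context to the raw alert."""
    return THREAT_INTEL.get(alert.src_ip, {"score": 0, "tags": []})


def run_playbook(alert):
    """Rule-based playbook: enrich, then contain, escalate, or close."""
    intel = enrich(alert)
    out = Outcome(enrichment=intel)
    score = intel["score"]
    if score >= AUTO_CONTAIN_SCORE:
        # Clear criteria met (known-bad source): contain and open a P1 ticket.
        out.actions += [f"block_ip:{alert.src_ip}",
                        f"disable_account:{alert.user}",
                        f"create_ticket:{alert.alert_id}:P1"]
    elif score >= REVIEW_SCORE:
        # Ambiguous: ticket it with enrichment attached and leave the call to an analyst.
        out.actions.append(f"create_ticket:{alert.alert_id}:P3")
        out.needs_analyst = True
    else:
        # Low-complexity, high-volume noise: close automatically with a recorded reason.
        out.actions.append(f"close_alert:{alert.alert_id}:no_intel_match")
    return out


if __name__ == "__main__":
    for a in [Alert("A-1", "203.0.113.7", "jdoe", "outbound-beacon"),
              Alert("A-2", "198.51.100.20", "asmith", "port-scan"),
              Alert("A-3", "192.0.2.9", "bkim", "failed-login")]:
        print(a.alert_id, run_playbook(a))
```

Raising AUTO_CONTAIN_SCORE or lowering REVIEW_SCORE widens the band that goes to a human, which is the knob to turn when the underlying intel or process is not yet trusted.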
Connections
- Parent: soar — automation is one of the three pillars of SOAR (Security Orchestration, Automation, and Response)
- See also: playbooks, runbooks