Effective cyber defense requires time-consuming analysis and a level of data aggregation and correlation that is at best an art, and at worst cost prohibitive. Meanwhile, attackers remain agile and inventive, rapidly changing their methods with minimal costs (to them). Automation brings with it the promise of leveling the playing field, giving more time back to defenders and keeping us equally agile. Unfortunately, it is far more common that automation in cybersecurity expands already monolithic tool sets, extends vendor lock-in, and increases our support costs.
This talk will outline a pragmatic approach to automation in cyber defense that increases efficiency without breaking your budget. Attendees will learn how to identify candidate tasks and workflows ripe for automation, apply a repeatable approach to introducing automation, and avoid common pitfalls in building a more automated cyber defense.