International Cyber Expo International Cyber Expo
  • About Us
Tuesday, 14 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

The role of automation in incident response

by The Gurus
December 10, 2015
in This Week's Gurus
Share on FacebookShare on Twitter

The role of automation in incident response
John Bruce, CEO & co-founder, Resilient Systems
Faster response can make the all the difference when faced with a cyber threat.  Getting there is an emerging priority for cybersecurity professionals, and organisations are still working to develop an expertise and develop best practices. Automation is becoming a trend as organisations see it as a way to become faster – but there are limits on using automation in IR.
One reason organisations struggle with IR is that it differs greatly from prevention and detection – two technology-based processes. With prevention and detection, organisations buy world-class tools to in many instances replace employees from security process as much as possible.
Incident response is a different story.
A key difference in IR is that automation is not the goal – but an accelerator to rapidly achieve the goal of responding intelligently in record time.  Human involvement is critical. The complexity of IR demands human decision-making: once a breach has taken place, the implications move beyond the network into legal ramifications, customer relations, marketing, and even board-level decisions.
Ultimately, it’s the same as physical security. Take airports, for example: prevention and detection is largely managed by technology such as metal detectors – but if there is an incident, emergency response is always coordinated and controlled by people, with technology playing a complementary role.
When creating IR procedures, automation is a tool. It needs to be deployed thoughtfully and carefully to speed and enrich the human response – not replace it. There are four components of incident response – preparation, assessment, management, and mitigation – and, when used appropriately, automation can play a critical role in each phase.
Preparation
Effective response requires provisioning for and preparing IR processes long before an incident occurs. Businesses should build out and document IR processes (playbooks), practice response, and orchestrate the process to measure and improve response performance.
It’s also the time to build out – and, over time, increase – automation capabilities. Organisations should start simply by automating incident creation or data collection, and test these functions over and over until they’re sure the automated systems will work as desired every time. Look at the data you’re collecting. Can you do it faster or smarter?
Assessment
Context is key in incident response. But for many, gathering insight about an incident involves logging into countless individual systems – a SIEM, networking monitor, or other source – extrapolating data in multiple formats, and compiling it into one report. It’s a tedious and inefficient process – but one that can be automated. Leveraging emerging technologies will empower security teams to integrate and interface with these various tools quickly and compile information on specific incidents can dramatically enhance IR speed and effectiveness.
Management
Incident response stretches across business functions – from IT and security, to legal, HR, marketing, and the C-suite. Ensuring everyone’s in the right place at the right time and knows precisely what to do is critical.
Thankfully, this task management and coordination can also be automated to a certain extent as systems can recognise a familiar threat and automatically launch response workflows. When dealing with substantial threats, the automation process can pass the decision to humans who decide how best to act.
Mitigation
Finally, this is where the human factor is irreplaceable. Automation can be helpful in increasing the speed and effectiveness of response – but it’s still human decision-making that’s most critical. IR teams can automate the process of quarantining infected machines, profiling targets, or blocking malicious IPs (and many mature IR teams do) – but it requires the human mind to put it all in context, grasping the environment, complex controls, and extensive testing to ensure that automated processes don’t inadvertently harm your business.
The nature of incident response means that it is not a wholly technological process – the best practice for incident response is to align people, process, and technology. IR teams must work to ensure that automation processes are trust-worthy and enriching human decision-making, not designing them out.

ShareTweet
Previous Post

Global survey by Gemalto reveals impact of data breaches on customer loyalty

Next Post

Air Canada, San Diego Zoo and easyJet* exposed customers’ credit card details

Recent News

Q&A: Cyber’s Headed Back to the CSIDES

Q&A: Cyber’s Headed Back to the CSIDES

July 13, 2026

UK Cyber Attacks Climb 34% as Ransomware Leadership Shifts, Check Point Research Reveals

July 13, 2026
Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol