Important lessons from our cybersecurity automation journey (Guest blog by BT)
Automation in cybersecurity is becoming a critical part of an organisation’s defences. Our cyber defence journey and experience in automation spans over 20 years and we’ve learnt a lot along the way.
Looking back, our automation story began in the early 2000s. We’d started to notice recurring patterns on our network, usually just before a customer reported a failure on their broadband or telephone line. So rather than keep fixing the problem reactively, we decided to investigate a way to automate a process that could detect these patterns and prevent failures before they happened.
As our earliest large-scale automation, it took the pressure off our engineers and reduced faults, which improved our customers’ satisfaction. Plus, it taught us a valuable lesson: with the right data and people, we can free up our engineers, and their expertise, to focus on more complex tasks.
Introducing security automation
From here, we started exploring all the areas that automation could provide benefits for our organisation. That’s why in 2018, we began our automation journey in our Security Operations Centres (SOCs). Unlike many other companies, our SOCs managed both internal and external security so we realised we had access to this incredible set of data to automate internal and external security as one.
With this data, we set out to harmonise the customer experience when changes or incidents were handled in different or multiple locations. We wanted to save time by improving our analysts’ efficiency and provide great experiences for customers while automating best practice. But the reality was not so straightforward.
Learning from setbacks
Our initial achievements didn’t match our ambitions. It was a big learning curve for us, and we discovered some key lessons from the start of our automation journey that went on to significantly change our approach:
- never try to automate a complex process that’s not fully understood – it simply creates even more complexity
- always take incremental steps – find marginal gains in existing processes to deliver real improvements
- never accept that a system is perfect – automation is a continuous learning and improvement process
- automation isn’t a solo task – for success, people need to pull together and collaborate around a common mission.
Discovering unexpected benefits
We also uncovered a number of unexpected benefits in a variety of areas. Across our analyst teams, the drive to collaborate around automation boosted morale and satisfaction went up, which in turn helped drive better retention, greater focus and ultimately better experiences for the customers who worked with them. Plus, there were also considerable cost and time savings.
Using these learnings, we’ve now automated large sections of our key playbooks for a more consistent experience. It’s saved us significant handling time on many simple service requests and incidents, freeing up our analysts to focus on more critical work. In a few cases, we’ve even been able to significantly reduce the number of different systems our analysts use to resolve a situation.
Informing our present
We’ve leveraged all our years of experience and learning to recently launch our most sophisticated cybersecurity platform yet – Eagle-i.
Built as a response to today’s increasingly complex threat landscape, the platform uses automated decision making so that it can learn from each intervention. This means it constantly improves its threat knowledge to protect our customers, and can ultimately predict and prevent attacks before they inflict damage.
We’re also committed to tackling the cyber skills gap and developing the next generation of cybersecurity professionals. Our security apprenticeships and graduate scheme, along with our new reskilling programme in partnership with CAPSLOCK, are key ways we're achieving this.
As the number of cyber threats continues to increase, it is no longer possible to manually react to all the alerts. Adopting automation in strategic and critical security functions is therefore essential to managing the cyber threat landscape and protecting your organisation.