
Cybersecurity automation: solutions to your team’s biggest objections


Cybersecurity automation is one of the most powerful tools in modern cybersecurity. It’s capable of improving both the speed and accuracy of threat detection and response.

But as with any transformative technology, adopting automation in security operations can cause scepticism and raise questions.

From concerns about job displacement to fears of making the wrong configuration decisions, many organisations hesitate before fully committing to automated solutions. If you’re struggling with these concerns, you’re not alone.

Let’s walk through some common objections about automation with automation experts Yakub Desai (CloudGuard) and Sean Tickle (Littlefish).

They’ll show you how, with the right approach, automation can enhance both the efficiency and effectiveness of your security operations.

Objection #1: Automation leads to complacency

One common worry is that automation could lead to complacency, especially if it creates a layer of “invisible” issues. The concern is that automation handling false positives might mask underlying detection issues, giving a false sense of security.

Counterpoint:

Automation isn’t a “set-and-forget” solution. For it to be truly effective, security teams must prioritise continuous tuning and regularly review detection rules.

Automation should complement human oversight, not replace it. This means teams stay actively involved in ensuring alerts remain accurate and relevant. Yakub said:

Automation without tuning can breed complacency, covering up inefficiencies instead of addressing them.

What we recommend:

  1. Set up regular review cycles where your security team evaluates automated processes.
  2. Consider implementing quarterly reviews of automation effectiveness with key stakeholders in your automation security team to keep detection rules optimised and ensure automation is always working for you.

Objection #2: Cybersecurity automation will replace jobs

Another worry is that automation might eliminate roles, particularly for Tier 1 analysts, creating anxiety about potential job loss. People fear that automation will take over entry-level tasks, potentially making some roles redundant.

Counterpoint:

The purpose of automation is to empower analysts, not replace them.

Allowing automation to handle repetitive tasks frees up valuable time for analysts. 71% of analysts face some type of burnout, and this is usually due to repetitive tasks.

Working with automation, they can engage in higher-level work that requires critical thinking, creativity and strategic development. This shift enables security teams to become more efficient while also allowing analysts to grow their skills.

Rather than eliminating jobs, automation opens new avenues for career growth by enabling teams to focus on the tasks that add the most value, like investigating complex threats or learning new techniques. Sean said:

We’re not cutting headcount, we’re giving our analysts room to grow and become more skilled. They’re no longer bogged down by menial work; they’re mentoring, learning and making real impact.

What we recommend:

  1. Invest in continuous training for your team to ensure they are prepared for the higher-level tasks automation will enable them to focus on.
  2. Encourage your analysts to develop new skills in areas like incident response, threat hunting, or data analysis. It’s more than likely they want to grow and move into more impactful positions.

Objection #3: Over-automation can create inefficiency

When automation is applied indiscriminately, there’s a risk of over-automation. This could lead to inefficiency, where processes are automated without addressing root causes, creating more issues than it solves.

Counterpoint:

For automation to be successful, it should be closely coupled with process improvement. Automation should be applied thoughtfully and selectively, with a focus on streamlining and optimising workflows.

After automating a task, make sure to periodically go back, evaluate and rework the process to ensure it is productive and effective.

This approach not only makes the process more efficient but also helps the automation itself run more smoothly, solving problems from the ground up.

For example, at CloudGuard, the cost optimisation layer of our PROTECT service ensures that your automation efforts are both effective and efficient.

We carefully select the data ingested into Microsoft Sentinel to reduce unnecessary data and associated costs. This makes automation more targeted and resource efficient.

When calculating ROI, you can factor in not only the cost savings from automation but also the reduced risk of costly security breaches and the increase in operational uptime.

Streamlining workflows and reducing unnecessary data ingestion allows organisations to see measurable improvements in both efficiency and security posture, ultimately translating into a stronger return on investment.

What we recommend:

  1. Before automating any process, perform a thorough assessment of the existing workflow to identify pain points.
  2. Start with automating low-risk tasks first to establish quick wins. Once those processes are running smoothly, revisit and refine more complex workflows. Yakub said:

It might seem like you’ve spent like a day automating something that only takes someone 5 minutes to do. But then you’ve saved 5 minutes every single time that process is used, and that’s huge savings.

Objection #4: Cybersecurity automation could decrease alert visibility

There’s concern that by automatically handling certain alerts, automation might hide important warnings or misclassify significant threats, leading to missed incidents.

Counterpoint:

When configured well, automation can improve visibility by prioritising alerts and reducing noise. Rather than masking critical issues, automation can help security teams focus on the most pressing threats.

Remember, a typical SOC receives around 4,484 alerts daily, and these are usually low priority or repetitive tasks.

Automation can take care of false positives and manage lower-priority tasks. This will ensure that urgent alerts rise to the top, so your analysts don’t waste time on routine issues. Yakub said:

Automation should help us reduce the noise, not mask it. It’s there to support us, not to hide the inefficiencies.

What we recommend:

  1. To improve alert visibility, configure your automation system to prioritise high-severity alerts and ensure false positives are filtered out.
  2. Implement tiered alerting where the most pressing incidents are flagged for immediate action, while lower-priority events are reviewed in a secondary round.
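
One way to implement this tiering while keeping auto-closed alerts visible for the rule tuning discussed under Objection #1. This is an added example, not CloudGuard's or Littlefish's code; the alert fields, rule names, queue labels and thresholds are assumptions, and the sample alerts are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample alerts; the field names are assumptions for this example.
SAMPLE_ALERTS = [
    {"id": 1, "rule": "impossible-travel", "severity": "high", "known_benign": False},
    {"id": 2, "rule": "scanner-portscan", "severity": "low", "known_benign": True},
    {"id": 3, "rule": "scanner-portscan", "severity": "low", "known_benign": True},
    {"id": 4, "rule": "scanner-portscan", "severity": "low", "known_benign": True},
    {"id": 5, "rule": "new-inbox-rule", "severity": "medium", "known_benign": False},
    {"id": 6, "rule": "admin-role-grant", "severity": "critical", "known_benign": True},
    {"id": 7, "rule": "legacy-auth-signin", "known_benign": True},  # severity missing
    {"id": 8, "rule": "scanner-portscan", "severity": "low", "known_benign": False},
]

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}
TUNING_THRESHOLD = 0.7  # assumed: review rules auto-closed at least 70% of the time
MIN_VOLUME = 3          # assumed: ignore rules with too few alerts to judge


def triage(alert):
    """Return the queue for one alert: 'immediate', 'secondary' or 'auto_closed'."""
    rank = SEVERITY_RANK.get(str(alert.get("severity") or "").lower())
    if rank is None:
        return "immediate"   # unknown severity goes to a human, never silently closed
    if rank >= SEVERITY_RANK["high"]:
        return "immediate"   # high severity is never auto-closed, even if allowlisted
    if alert.get("known_benign"):
        return "auto_closed"
    return "secondary"       # reviewed in the second round


def run_triage(alerts):
    """Route alerts into queues and list rules whose auto-close rate needs tuning."""
    queues = defaultdict(list)
    per_rule = defaultdict(Counter)
    for alert in alerts:
        queue = triage(alert)
        queues[queue].append(alert["id"])
        per_rule[alert["rule"]][queue] += 1
    # Auto-closing reduces noise, but a rule that is mostly auto-closed is a
    # detection that needs fixing, so report it instead of hiding it.
    needs_tuning = sorted(
        rule for rule, counts in per_rule.items()
        if sum(counts.values()) >= MIN_VOLUME
        and counts["auto_closed"] / sum(counts.values()) >= TUNING_THRESHOLD
    )
    return dict(queues), needs_tuning


if __name__ == "__main__":
    print(run_triage(SAMPLE_ALERTS))
```
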

Objection #5: Automated attacks are increasing, how can we keep up?

Attackers are increasingly using automation for fast, sophisticated attacks, and defenders worry they’re constantly playing catch-up.

Counterpoint:

The only effective way to combat automated attacks is with better defensive automation.

Implementing intelligent automation ensures cybersecurity teams can respond as quickly as attackers. Automated defences can adapt to new threats faster than manual processes ever could.

When automation is proactive and designed to evolve alongside emerging threats, it keeps security teams one step ahead, empowering them to adapt to new vulnerabilities and attack techniques. Sean said:

It’s about making our analysts quicker and more effective, letting automation handle the heavy lifting so they can make strategic decisions.

What we recommend:

  1. To keep pace with automated threats, implement proactive threat hunting as part of your automation strategy.
  2. Use machine learning to identify emerging patterns in attack behaviour, allowing your team to respond faster than ever.
  3. Pair automated detection with manual investigation, allowing your analysts to focus on the most complex threats while your automation system handles the repetitive tasks.

Objection #6: AI will make attacks more sophisticated

With the rise of generative AI, attackers are using this technology to craft more sophisticated phishing attacks and other complex threats that bypass traditional defences.

You’re not alone in thinking this. A recent study by Kaspersky showed that three quarters of those responsible for managing their business’s cybersecurity are concerned about AI-amplified cyber attacks.

Counterpoint:

Attackers use AI to their advantage, and defenders can use generative AI for good too. Security teams can use AI to analyse behaviour, classify incidents more precisely and provide comprehensive context for alerts.

AI can efficiently process large amounts of data, identifying patterns and subtle indicators of compromise that may otherwise go unnoticed.

Security teams can match the sophistication of AI-driven attacks, increasing the efficiency and accuracy of their response. Yakub said:

We’re not just reacting anymore, we’re predicting and preparing. That’s the real power of AI on the defence side.

What we recommend:

To stay ahead of AI-powered threats, make sure your automation solution integrates advanced AI capabilities for real-time threat detection.

Use automation to analyse large datasets and identify subtle signs of compromise that traditional methods might miss. Regularly update your AI models with the latest threat intelligence to ensure they remain accurate in detecting evolving threats.

Threat intelligence feeds like Recorded Future make this easy.

Final Thoughts

It’s a no-brainer that businesses should start experimenting with automation today. It helps take care of repetitive tasks, giving your team more time to focus on more strategic activities.

Remember, automation should be used to strengthen and complement human capabilities, not replace them.

It’s important for teams to address these common objections head-on and approach automation with a growth mindset. Why? So security teams can achieve more effective, proactive defences, ensuring they stay agile and ready for evolving threats.

Can I get an encore?

Do you want more? If you enjoyed reading this, be sure to listen to the full conversation on cybersecurity automation with Yakub and Sean.

Author: Jen Begue