Everyone in the security industry knows that most new security technologies start off at the enterprise level, then “trickle down” to small and medium-sized businesses (SMBs) as they become more mature, less expensive and easier to deploy and manage. But does the process always flow in one direction?
WatchGuard CTO Corey Nachreiner doesn’t think so. Corey wrote a column for Help Net Security (which you can read here), explaining why he believes security automation solutions are actually moving in reverse, from SMBs to enterprises. Enterprises traditionally did not consolidate any of their security services, preferring to buy best-of-breed products for each task and trusting that they had enough security experts on staff to manage all of those products. But this is changing. Here’s an excerpt from Corey’s article where he explains how enterprises are adding more automation to their security workflows.
On the consolidation side, security information and event management (SIEM) and orchestration technologies are now taking all the logs and management of many individual security systems and putting them under one pane-of-glass… Meanwhile, on the automation side of things, enterprise incident handlers are failing under the huge deluge of security incidents they see from endpoint detection and response (EDR) and threat intelligence solutions. Even if they have security professionals to man these solutions, those handlers find themselves buried under an overflow of real and false incidents. As a result, they’re turning to security automation solutions that correlate events using machine learning or other intelligence technologies.
According to Corey, enterprises are actually adopting some of the same automation technologies that have been part of UTM products for years. These automation solutions are “trickling up” from SMBs to enterprises instead of the other way around.