Is “no-code automation” the newest buzzword in cybersecurity? Some fashionable trend that sounds promising but doesn’t have any legitimate legs to stand on? Or is no-code automation the evolution of security automation we’ve been waiting for, that can reshape the productivity and efficacy of SecOps teams for the better?
In my 15 years as a security practitioner, I found that no-code automation was what I wanted for my teams. I saw capable and skilled security practitioners spend most of their days doing monotonous, repeatable tasks; they were security analysts, and not coders, so they needed to rely on developers to create automation for them. This took time—and more time if they wanted to improve or iterate on the process.
That’s why I created the no-code platform I always wished had existed for my team. We’ve been pioneers of no-code automation since 2018 and spent a lot of time discussing the concept with security operations teams. While no-code automation frees up teams to be more impactful, productive, and creative, there’s still confusion around what it is and the benefits it can provide. Here are the most common misconceptions we hear, and what the truth is when it comes to no-code automation.
“I could just write a script to do this.”
You could just write a script, if you know how to. But security practitioners often don’t have that skill, meaning they have to outsource their automation creation to others. Additionally, the easy part with code is writing it the first time. The hard part is the deployment, security upgrades, maintenance, versioning, and downtime that come afterward.
No-code automation keeps workflow automation with the security team and is as easy as dragging and dropping actions into a storyline. No-code also allows even technical users who can write code to focus on what matters: the workflow.
“This isn’t powerful enough for our workflow.”
No-code automation platforms provide the building blocks to security teams, who can then architect the workflows they need from simple login confirmations to complex, all-encompassing vulnerability management.
Just like how you can build almost anything out of a small number of LEGO bricks, there’s no ceiling to the complexity a security analyst can set up, or the number of steps. Additionally, with half of analysts saying that what they dislike about their jobs is time spent on mundane work, automation is more necessary than ever.
“Automation means getting rid of team members.”
From what I’ve seen, this very rarely happens in practice.
First, those who automate their tasks gain automation as a skill, and analysts who begin to automate go on to make those processes more efficient and effective. Automating their tasks also frees analysts up to focus their energy and attention on high-impact work like improving the organization’s security approach, rolling out new technology, or providing outreach and training to other teams.
Additionally, because of no-code automation’s ease of use, analysts can maintain and evolve their workflows, which is especially beneficial as processes and threats continue to change. Automation unlocks the potential of team members—and team members who are engaged in and excited by their work stick around.
“Automation will make rash decisions during remediation.”
Automation isn’t necessarily all or nothing, as many may assume. Instead, good automation platforms make it easy to put a human in the loop for important decisions.
Instead of automating black-and-white remediation actions like blocking an account after a suspicious login, ask the affected user or an analyst for their human judgment first. This can easily be done by automating Slack messages (“Did you recently log in from a certain location?”) and automating the responses (“Yes, it was me” or “No, it wasn’t”) to continue the workflow.
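The decision gate described above, written out as code to show what the workflow has to decide at each point. This is an added example, not code from the article or from any automation platform; the names `LoginAlert`, `build_prompt`, `next_step`, the step names, the 15-minute timeout and the demo key are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

SECRET = b"constructed-demo-key"  # constructed; load from a secret store in practice
PROMPT_TTL = 900                  # assumed: seconds to wait for a human answer
YES, NO = "Yes, it was me", "No, it wasn't"

@dataclass(frozen=True)
class LoginAlert:
    user: str
    location: str
    raised_at: float  # epoch seconds when the suspicious login was flagged

def prompt_token(alert: LoginAlert) -> str:
    """Bind a reply to one specific alert so an old answer cannot be reused."""
    msg = f"{alert.user}|{alert.location}|{alert.raised_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def build_prompt(alert: LoginAlert) -> dict:
    """Chat message sent to the affected user (transport is out of scope here)."""
    return {"to": alert.user,
            "text": f"Did you recently log in from {alert.location}?",
            "options": [YES, NO],
            "token": prompt_token(alert)}

def next_step(alert: LoginAlert, reply, now: float) -> str:
    """Return the next workflow step; anything ambiguous goes to an analyst."""
    expired = now - alert.raised_at > PROMPT_TTL
    if reply is None:
        # Silence is not consent: never auto-close and never auto-block.
        return "escalate_to_analyst" if expired else "wait"
    token = str(reply.get("token", "")).encode()
    trusted = (not expired
               and hmac.compare_digest(token, prompt_token(alert).encode())
               and reply.get("responder") == alert.user)
    if not trusted:
        return "escalate_to_analyst"
    steps = {YES: "close_alert", NO: "block_account"}
    return steps.get(reply.get("answer"), "escalate_to_analyst")

if __name__ == "__main__":
    alert = LoginAlert("alice", "Lisbon", 1000.0)  # constructed sample alert
    prompt = build_prompt(alert)
    answer = {"responder": "alice", "answer": NO, "token": prompt["token"]}
    print(prompt["text"], "->", next_step(alert, answer, now=1060.0))
```

The responder check only helps if the chat identity is authenticated independently of the credential under suspicion; where it is not, the question belongs with an analyst.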
“The no-code automation platform should have a built-in case management tool.”
Many security teams have used SOAR platforms that include automation in them, and also offer other organizational tools such as case management or collaboration. But we’re at a point where teams are turning away from “big box” stacks toward one-off tools that are the best at what they do, such as JIRA, Slack and others. Why would it be any different with a no-code platform that solely focuses on workflow?
NO-CODE IS NO BUZZWORD
Misconceptions about new technologies arise because teams are so used to one way of doing things that they view new tools and processes through a single lens. But no-code automation’s benefits mean that it’s more than just a buzzword or fad; indeed, it is the next phase in the evolution of security. If you’re ready to bring the power of no-code automation to your organization, here are five steps to follow:
Step 1: Evaluate your options. Find vendors with named customers you respect and demonstrable experience solving your use cases.
Step 2: Run a POC (proof of concept) process. Instead of choosing an easy workflow, pick your most complicated and difficult existing one for a realistic understanding of capability.
Step 3: Purchase the best tool. Consider the pricing model, not just the price.
Step 4: Build workflows iteratively. Start small with prototypes and MVPs. Expand workflows piece by piece to cover edge and corner cases. Deploy the simplest usable version to production first.
Step 5: Deployment is only the beginning. Keep maintaining and evolving the workflow in production. As your company’s processes and threats continuously change, so should the workflow.
Founder at Tines, a platform that allows anyone to automate repetitive security workflows without writing a single line of code.