This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

There's been a lot of talk about security automation, but it's increasingly unclear what is what. For example, a Network World article on security automation last year focused mostly on threat detection, a Gartner report on Intelligent and Automated Security Controls focused on the threat intelligence component, and another recent piece referenced security automation simply as "the automation of cybersecurity controls."

The fact is, security automation is starting to go beyond prevention and detection technologies, reaching into other important components of IT infrastructure to more reliably protect organizations. Here are four of the newest and most advanced elements you should consider when discussing security automation:

1. Policy execution. As networks have grown significantly more complex, manually managing the associated security policies has become nearly impossible. Enter policy execution automation, which refers to the automation of any administrative work required of IT security. A variety of vendors offer tools for automating the management of network security policies, which can help you more easily meet internal or regulatory security requirements. Some also offer automated services for administrative tasks like user onboarding/offboarding and user lifecycle management. Automating provisioning, deprovisioning and user access management can help IT teams gain greater control over data, costs and time, and the companies offering these tools sometimes refer to themselves – or are generically referred to by others – as offering security automation.

2. Alert monitoring and prioritization. Some people view the job of automation through the lens of monitoring and prioritizing alerts.
Traditionally, alert monitoring and prioritization was a manual task, and a very tedious one at that. A team of analysts in a security operations center would have to compile alerts and literally stare at monitors all day in order to determine which data points were important. Today, there are methods for automating alert monitoring and prioritization that vary in sophistication. For example, this might include setting rules and thresholds, relying on threat intelligence, or implementing more advanced behavioral analytics or machine learning technology.

Setting rules and thresholds is losing effectiveness, as it relies on manual input from a person to determine which alerts are important and which aren't. It also requires regular maintenance of those rules, because cybersecurity threats are constantly changing and attackers often know exactly which alerts companies will be looking for. Relying on threat intelligence, on the other hand, is a little more reliable. This form of automation refers to the collection of threat intelligence from multiple sources, and it can help companies know which alerts to look for and which are important. For instance, if a company is able to access and consume multiple intel sources, it would know when a certain type of attack is occurring across the globe. Automated threat intelligence can then help the company prepare to protect itself against that potential incoming attack before it's too late.

Behavioral analytics and machine learning are among the most advanced forms of automation for alert monitoring and prioritization because they don't rely on rules and thresholds or "known threats." Instead, this type of technology can learn what normal network behavior looks like, easily and immediately pinpoint any abnormal behavior, and then statistically score the priority of each potential threat that should be investigated.

3. Incident response planning.
Incident response planning is also being referred to as security automation. One way to think about this technology is as a smart ticketing system that helps companies track the evolution of a security incident and coordinate the actions required to respond. Vendors in this space help companies develop playbooks for different types of threats so they can automate portions of their response when every second counts. They automate workflow so companies can make sure they're communicating with the appropriate internal and external contacts, adhering to regulations for topics like privacy notifications, and establishing a clear audit trail.

4. Investigation, action and remediation. Automating the investigation, action and remediation of a cyber threat is about utilizing technology to perform tasks just as a qualified cyber analyst would. In a way, the other elements of security automation – from policies, to prioritization, to planning – are all working towards this end goal of quickly finding threats and shutting them down before they impact operations.

There are different aspects of what a vendor might automate when it comes to investigation, action and remediation. For example, some might only address one of those three components, while others focus on a specific task, such as automating the containment of compromised devices. There are also companies that use automation and artificial intelligence to conduct the entire process end-to-end, just as a cyber analyst would.

All of these security automation technologies free up overtaxed security resources, allowing security teams to be less focused on mundane – but essential – tasks, and more focused on strategic initiatives that will make their organization more secure.

According to data from the Breach Level Index, 1.9 million online records were compromised every day in 2015. That's 80,766 records every hour, or 1,346 records every minute.
The near-constant occurrence of data breaches shows no signs of slowing down, so companies can't afford to have any lingering questions about the concept and capabilities of security automation.

Prioritize the automation of your IT security infrastructure and recognize that multiple elements can be automated to help keep your business safe. Automating policy execution, alert monitoring and prioritization, and incident response planning can drastically increase company productivity and reduce costs. And by fully automating the investigation, action and remediation of threats, companies can simulate the experience and logic of experienced cyber analysts at scale, thereby guaranteeing stronger security and compliance overall.

Barak is CEO and Co-Founder of the security orchestration and automation company, Hexadite. Prior to founding Hexadite he was the head of Elbit Systems Ltd.'s Cyber Training and Simulation Team, training analysts to respond to cyber threats – in both private and public sectors, and served five years in an elite intelligence unit of the Israeli Defense Forces (IDF).
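The three alert prioritization methods described in section 2 above (static rules and thresholds, threat intelligence matching, and a behavioral baseline with statistical scoring) can be combined into one triage score. The following is an added worked example written for this page; it is not code from the article's author or from Hexadite. The alerts, the threat intelligence feed, the per-host baselines and the score weights are all constructed for illustration.

```python
"""Alert triage scoring: rules/thresholds + threat intel + behavioral baseline.

Added example, not from the original article. All data below is constructed.
"""
from statistics import mean, pstdev

# Constructed alerts as a SOC tool might emit them (count = events in the last day).
ALERTS = [
    {"id": 1, "host": "ws-17", "event": "failed_login",  "count": 3,   "dst_ip": "10.0.0.5"},
    {"id": 2, "host": "ws-17", "event": "failed_login",  "count": 120, "dst_ip": "10.0.0.5"},
    {"id": 3, "host": "db-01", "event": "outbound_conn", "count": 1,   "dst_ip": "203.0.113.77"},
    {"id": 4, "host": "ws-03", "event": "outbound_conn", "count": 44,  "dst_ip": "198.51.100.20"},
]

# Constructed threat-intel feed: indicator -> how many independent sources flag it.
# (203.0.113.0/24 is a documentation range; the entry is a placeholder, not a real IoC.)
THREAT_INTEL = {"203.0.113.77": {"sources": 3, "tag": "placeholder-c2"}}

# Constructed behavioral baseline: (host, event) -> daily counts over the past week.
BASELINE = {
    ("ws-17", "failed_login"):  [2, 4, 3, 5, 2, 3, 4],
    ("db-01", "outbound_conn"): [0, 0, 0, 0, 0, 0, 0],   # a DB server that never talks out
    ("ws-03", "outbound_conn"): [40, 35, 50, 45, 38, 42, 47],
}

# Hand-tuned static thresholds: the "rules and thresholds" tier from the article.
THRESHOLDS = {"failed_login": 50}

# Score weights (assumed for the example): rule hit 30, intel up to 50, behavior up to 40.
RULE_POINTS, INTEL_MAX, BEHAVIOR_MAX = 30, 50, 40


def rule_score(alert):
    """Static rule: fires only when the count reaches a hand-tuned threshold."""
    limit = THRESHOLDS.get(alert["event"])
    return RULE_POINTS if limit is not None and alert["count"] >= limit else 0


def intel_score(alert):
    """Threat-intel match: more independent sources -> higher confidence."""
    hit = THREAT_INTEL.get(alert["dst_ip"])
    if hit is None:
        return 0
    return min(INTEL_MAX, 20 + 10 * hit["sources"])


def zscore(value, history):
    """Standard score of value against a history of observations."""
    mu, sd = mean(history), pstdev(history)
    if sd == 0:
        # Flat baseline: any deviation at all is maximally abnormal.
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sd


def behavior_score(alert):
    """Behavioral tier: deviation from this host's own normal, no rule needed."""
    history = BASELINE.get((alert["host"], alert["event"]))
    if not history:
        return 0                      # no baseline yet; stay silent rather than guess
    z = zscore(alert["count"], history)
    if z <= 2.0:
        return 0                      # within two standard deviations of normal
    # Scale above 2 sigma; min() also handles the infinite z from a flat baseline.
    return int(min(float(BEHAVIOR_MAX), 10.0 * (z - 2.0)))


def score_alert(alert):
    """Return the per-tier scores and their sum for one alert."""
    parts = {
        "rule": rule_score(alert),
        "intel": intel_score(alert),
        "behavior": behavior_score(alert),
    }
    parts["total"] = sum(parts.values())
    return parts


def prioritize(alerts):
    """Order alerts by total score, ties broken by id so output is stable."""
    scored = [(score_alert(a), a) for a in alerts]
    scored.sort(key=lambda pair: (-pair[0]["total"], pair[1]["id"]))
    return [a["id"] for _, a in scored]


if __name__ == "__main__":
    for a in ALERTS:
        print(a["id"], a["host"], a["event"], score_alert(a))
    print("investigate in this order:", prioritize(ALERTS))
```

Alert 3 is the instructive case: one outbound connection from a database server trips no static rule at all, yet it scores highest because the destination is on the intel feed and the host's baseline says it never connects out. Alert 2 trips the threshold and the baseline; alert 1 (three failed logins, within normal) and alert 4 (a normal day for that workstation) score zero and drop to the bottom.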