Time is a key element in preventing and responding to cybersecurity threats within an enterprise. To make the most of the security teams’ time, data analysis company Splunk Inc. has been leveraging automation to enhance its enterprise security solutions.

Built on the strengths of Phantom Cyber Inc., bought by Splunk in 2018, the Security Orchestration Automation and Response, or SOAR, technology enables the automation of much work that security analysts would perform manually.

“Typically, if analysts are looking at an event, it would take them 10 minutes best case, 11 hours worst case to analyze that and do all the work that they need to triage it,” said Oliver Friedrichs (pictured), vice president of security products at Splunk. “By automating, we are able to reduce that to a best case of a second and worst case of 10 minutes.”

Friedrichs spoke with Jeff Frick, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the RSA Conference in San Francisco. They discussed the role of automation in contemporary security solutions and how the increasing use of automation also by attackers can create a “robot war.”

Automation helps free up security analyst time

Automation targets many routine tasks to free up analysts to perform more proactive, higher-order activities, according to Friedrichs. “Things that actually require human thought versus the repetitive work,” he said.

But it is not just about replacing the daily tasks of analysts. For example, SOAR has become multipurpose and today integrates over 300 security vendors to allow for total security orchestration, automation and response.

“The typical large enterprise has maybe 60, 70 security products that they are all managing from a browser tab or a different log in,” Friedrichs said. “What SOAR platforms do is to tie those together and allow you to manage those products very rapidly in the case of an event.”

While automation is being effectively used in today’s security solutions, it’s important to remember that cyberattackers are also increasingly using automation, according to Friedrichs.

“We’re just starting to catch it up and use it effectively to defend ourselves; it will be very interesting to see where it goes,” he said. “Maybe one year from here we will have robot wars and then technologies battling each other to see who wins.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference.

Photo: SiliconANGLE