How best to use orchestration and automation in cyber security operations is a question that many CISOs have been asking themselves. But when it comes to orchestration, what difference does it make if you use it with or without intelligence. Are there obvious benefits that we’ve been ignoring for years and how will its adoption change organisations in the long term?
Orchestration informed by security intelligence from within your environment, and threat intelligence from a variety of external sources, is more effective, resilient, and adaptive. An intelligence-led approach will inform your strategy for orchestration in multiple ways. By having intelligence on an adversary’s capabilities, attack patterns, and intent, organisations will be able to build and configure orchestration capabilities to defend networks. Even better, orchestration can be built to be more adaptive to changing adversary capabilities, attack patterns, and infrastructure as both internal security intelligence and external threat intelligence is available.