Security Orchestration vs. Automation: What's the Difference?

In the post Are You Flooded with Vulnerabilities?, we explored the ever-growing mountain of data that organizations face in managing their vulnerabilities. While software is at the root of the vulnerability problem, it’s also the solution. As individuals approach large volumes of data, software can support better decision making, collaboration, tracking, and visualization.

The key to a mature threat and vulnerability management program is to set up and consistently follow an established process that tracks each vulnerability throughout its life cycle. Given a best-practices process, the challenge becomes its real-world implementation. Two important capabilities work together to help you implement your process in the real world: automation and security orchestration.

Watch Our Webinar

How Does Automation Work?

Automation eliminates the normal human effort to accomplish a task. Simple, commonplace tasks, such as retrieving data or opening a ticket can be automated. A script encodes a task for software to complete.

However, automation is not a complete solution. When humans operate automation routines, the process tends to break down quickly – and the cost of overhead adds up. Clunky, manual steps may remain, and humans running the automation routines make mistakes. Tribal knowledge tends to get lost over time and consistency is difficult to achieve. This is where security orchestration comes to the rescue.

What is Security Orchestration?

Let’s first explore the term. Security orchestration connects multiple systems and automation in a way that provides a consistent process for data to follow. Orchestration is, for example, an automated car assembly line where multiple robots each help build the vehicle as it advances through the manufacturing process. But robots alone are not enough. Like an automation script, each robot only does a specific task. Building a reliable car also requires the overall coordination of individual tasks, which is called orchestration.

At inflection points, decisions can be made on individual records automatically, based on data. Automation scripts can be triggered to perform complex data-parsing tasks. Tool integrations allow for automated data retrieval and synchronization among systems. When human analysis is needed, the process can wait for human input.

Beyond consistent implementation, an even greater benefit of a security orchestration platform is that it allows you to minimize the human overhead and maximize the human capacity for analysis.

Differences Between Security Orchestration and Automation

In review of the differences, here are the points you need to understand when determining if a tool does orchestration, automation, or both:

AutomationSecurity Orchestration
  • The tool can be configured to calculate values based on input variables
  • The tool can make decisions and perform different actions based on those decisions
  • The tool can connect to various external system APIs
  • The tool can pause and wait
  • The tool can create or update large data sets from various sources
  • The tool can execute sequential automation routines over a time period
  • The tool can run scripts or routines in some format
  • The tool allows configuration of automation steps, decisions, and pauses within a custom workflow

Discover how NetSPI ASM solution helps organizations identify, inventory, and reduce risk to both known and unknown assets.