Automation an Area of Growth: Results of the 2019 SANS Automation and Integration Survey

Bethesda, Md. – Most respondents (46%) reported having minimal automation of key security and incident response (IR) processes, with an additional 39% having high or moderate levels of automation, according to the results of the 2019 SANS Automation and Integration Survey, to be released in a two-part webcast on Tuesday, March 19 and Thursday, March 21. More traditional systems under the direct control of the organization appear to have the greatest amount of automation, with industrial control systems, IoT devices or sensors, and other examples of operational technology (OT)—such as smart sensors and wearables—lagging behind.

“The movement to increased automation has been hindered by a number of misconceptions,” says SANS Analyst Program Research Director and survey author Barbara Filkins. “Too many potential automation adopters fall prey to thinking that automation is easy to implement and measure, that integration of their existing tools will be easy, and that automation will be quick to implement.”

The level of collaboration achieved between the security operations center (SOC) and IR teams appears to be a factor in organizations' adoption of automation. Organizations that have fully integrated their IR teams with their SOCs show the greatest adoption of medium- or high-level automation. How this dependency may affect future automation and integration plans remains unclear. Whereas 52% foresee no change in status during the next 12 months, 25% remain unsure. For the 23% who anticipate change, several respondents noted that they are in the midst of defining what is hindering their ability to automate.

“As organizations allocate funds and planning time, and increase communication across involved teams, they will be able to enhance their automation and integration efforts,” concludes Filkins.

Full results will be shared during a two-part webcast on Tuesday, March 19 and Thursday, March 21 at 1 PM EDT, sponsored by D3 Security, LogRhythm, McAfee, Swimlane, and ThreatConnect, and hosted by SANS.

Register to attend the March 19 webcast at and the March 21 webcast at

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and Analyst Program Research Director, Barbara Filkins with advice from Matt Bromiley, SANS Analyst and Digital Forensics and Incident Response Instructor.

Tweet This:

#SANSSurvey 2019 Automation & Integration results with SANS @mbromileyDFIR & Barb Filkins | Part 1: 3/19 @ 1PM ET: | Part 2: 3/21 @ 1PM ET:

Learn the current state of automation, integration and workflow orchestration | Automation & Integration Survey Part 1: 3/19 @ 1PM ET |

Explore how to meet the challenges and achieve benefits of security automation | Automation & Integration Survey Part 2: 3/21 @ 1PM ET |

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (