It is quite an obvious question, right? Automation is a key component of any company from any industry anywhere in the world. It is all started with Henry Ford’s assembly line in 1913, which revolutionized mass production. Information Technology and Cybersecurity essentially very similar to assembly line, where you deliver certain service or product to your internal or external customer. The same as Ford’s team was building their cars, we build IT or security products, whatever it is, the actual software platform or threat intelligence service, what is essentially is a product too.
Every company I’ve been working with had an automation to the certain degree, but I was always looking for other opportunities to automate whatever is possible to automate, from ticket creation to automated incident triage. Any organization will give you challenges, from my experience, mostly due to the internal policies (information security team doesn’t allow to use Microsoft Teams WebHooks) or network segmentation limitations (production and research networks are different entities). Other challenges can arise as well, sometimes they occurred because of company tools stack, like when half of the infrastructure is on Cloud and part is on-premise, when your Microsoft Exchange is running 2019 version. Despite all of the mentioned challenges, there are always workarounds, e.g. rent VPS to run non-critical automations, which won’t impact the company integrity and privacy.
Automation is essential; any task that requires more than 2-3 routine steps and human attention should be automated. With the LLMs development, it became feasible to automate even more complex tasks, which require comprehensive data analysis. For instance, ChatGPT API allows you to integrate basically any solution, which can send HTTP requests and the prices are very-very affordable, especially after the release of new GPT-4o model and structured output feature. Here is a small chart of spending for the month of July, we use it to automate the analysis and summarizing of certain quite huge blogs of texts + occasional random asks:
Do not forget to make sure the clarity and correctness of provided prompt to get the most accurate and expected output. Consult with information security team about submitting the data via API for analysis and read Terms & Conditions carefully.
There are many benefits of automating boring and routine tasks, let me outline the most impactful from my opinion:
- Direct Positive Impact on the Business, Cost Savings, Time Savings
Pretty straightforward thing, more automation means less manual work, more cost savings, more time for actual business revenue tasks, more money (and honey). In addition to that, we also get cost savings helping us to maintain the budget. - People Burn Out Less, Helps to Retain Talents
The fact, which could much more important, than a business impact, people burn out less. Burning out is one of the most severe problem in IT in general, automation can help not to solve this problem, but postpone it, because creative tasks is a human driver, it gives a person motivation and willingness to work and learn new things everyday. I’ve seen people losing motivation because massive part of their job was doing the one same thing every day, it is especially painful, when this part is essentially meaningless and doesn’t bring any value to the team and company, but needs done just because of very unclear reasons.
- Less Human Errors
We all are humans and we all make mistakes, this is totally normal, forgot to attach a document to the email? Forgot to put a certain information after closing the alert in SIEM or ticket in JIRA? This is fine, but automation can help you to completely eliminate such minor mistakes.
Instruments to automate
Internet offers a HUUUGE amount of different tools, mostly NoCode or almost-NoCode solutions, I know few of them and heard the feedback from other people:
- Zapier
Commercial solution with thousands out-of-box integrations, if you have budget and short on time, go ahead. - n8n
Open source alternative to Zapier, less out-of-box integrations, but we have a beauty of open source products – great flexibility and full customization.
When you choose between commercial and open source, it is always a trade of TIME and SKILLS of your team for the open source solution or PRICE and SUPPORT for the commercial product.
While we have out-of-box solutions with NoCode style of automation, there are few other classic ways to employ automation in your organization: PowerShell (mostly for Windows/Azure based infrastructure), Python (quite universal language, all you need is interpreter being installed, but it also depends on company policies as not always you are allowed to install Python on Windows machine), Bash (mostly for Linux-based infrastructure). Using pure programming languages require a lot of knowledge and expertise from the team, not every team has such capabilities, but you are lucky, if your team is proficient in couple of programming languages
There is one special case – Microsoft PowerAutomate, which is great solution, if you want to connect M365 suit components between each other and make them to communicate and share data. This is an amazing tool, if you want to bring together a set of Microsoft solutions, like a combinations of Microsoft Teams + Outlook + Word/Excel.
Short Conclusion
Automation is no longer a luxury but a necessity in today’s tech environments. By carefully selecting the right tools and processes, organizations can reduce human error, prevent burnout, and increase overall efficiency. Whether through open-source tools like n8n or commercial solutions like Zapier, the possibilities are endless, especially when you choose to use Python as your way your automate.