What We Learned from the SANS 2021 Automation and Integration Survey

SANS just released the results of its 2021 Automation and Integration Survey, a valuable annual resource for understanding the state of security automation and organizations’ plans for the coming year. Each year, SANS surveys hundreds of security administrators, IT managers, and other professionals from a range of industries to get their perspectives and hear their real-world experience.

As a sponsor of the survey, we have made SANS’ post-survey whitepaper, which goes through the results in depth, available for download on our website. Get your copy of the entire SANS paper here.

 The results are fascinating as always, with the COVID-19 pandemic shaking things up in unexpected ways. In this blog, we’ll discuss a few key takeaways, look at the picture the survey paints of automation in 2021, and consider how D3 SOAR fits into that picture.


Overall Increases in Automation

Adoption of automation is up greatly in the past year. The authors of the paper speculate that the pandemic accelerated these increases; however, they also point out that spending forecasts for the next 12 months suggest that the growth will be sustained. From the 2020 to the 2021 survey, there was a 24.9% increase in the number of respondents who reported a high level of security automation in their organization and a 9.7% increase in the medium level. Only a combined 2.2% reported no automation or didn’t know how much automation there was in their organization.

This is not a one-off bump in automation driven by the unique circumstances of the past year. 85.3% of respondents’ organizations plan to automate some security and incident response processes in the next 12 months, a 27% increase over the 2020 respondents.


What Buyers Need from Automation Tools

There are some general themes that showed up across the responses, namely a desire for openness, connectivity, and ease of use in automation tools. When asked about the factors that influence investment in automation, the second-most common response was automation and interoperability across existing tools. Organizations don’t want to swap out their entire stack for something new; they want to get more from what they have. This goal is served well by D3, as the leading vendor-neutral SOAR provider and with 360+ codeless integrations. D3 is the perfect tool to maximize the value of your existing investments by increasing interoperability and adding automation to tools that don’t have it on their own.

When asked what potential risks respondents see for security automation, the second-most common response was a lack of internal skills needed to implement automation. The concern over internal skills is why D3 has revamped its configuration processes and pioneered codeless playbooks. Many SOAR vendors expect a lot of Python coding from their users, but not D3. We have truly drag-and-drop playbooks and integrations that require no coding.

When asked what essential automation requirements would improve their security posture, the respondents showed a clear desire for the capabilities of a SOAR platform like D3. The two most common responses were a library of best practices for easy automation and automating SecOps workflows and policy execution. These responses reflect another theme throughout the survey, which is the need to integrate automation capabilities with the realities of your security culture and environment. With a library of playbooks that can be adapted to fit any organization’s procedures, D3 doesn’t just throw a bunch of features at you, it gives you simple tools to codify your best workflows so they can be automated or run even by less experienced staff.


Download SANS’ 2021 Automation and Integration Survey

Those are just a few of our takeaways from reading the results of the survey. To get your free copy of the results, along with expert analysis from SANS, head over to our resources page.

Social Icon
Walker Banerd

Walker is D3 Security's Director of Content Marketing. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.