Enhance threat response with Tines' Automation Capability Matrix

Written by John Tuckner, Head of Research at Tines Labs, Tines

Published on January 10, 2023

Tines' Automation Capability Matrix is a set of techniques designed to help security operations teams understand their automation capabilities and respond more efficiently to security incidents. With this new matrix, teams can identify automation opportunities and implement strategies to enhance their threat response efforts. This blog offers key insights into the Automation Capability Matrix, giving you a comprehensive understanding of its purpose and benefits.

Unlocking the full potential of security operations centers is no simple matter; automation offers a path to progress, but it takes careful strategizing and implementation for true success. It isn’t always helpful to simply say that almost anything can be automated or that endless possibilities exist. There can be a huge gap between wanting to automate processes and actually making that happen.

The Automation Capability Matrix is a Tines Labs tool we’ve created to represent the techniques we see security operations teams most commonly implement and the sequence in which capabilities provide the most value. It helps describe the methods many teams may already use and applies a structure to more easily demonstrate how the featured techniques fit together.

The Automation Capability Matrix provides a way to think about what is next in growing the automation capabilities of your security operations center. It is not a list of specific use cases related to any one product or service but a way to think about what capabilities your organization might need to succeed and what types of products or services could support your goals. 

The framework reads from left to right and top to bottom within categories. While it is minimally opinionated about which capabilities bring the most value or are easier to implement, the framework is adaptable to what your unique organization finds most valuable. Each capability can stand alone in the matrix, but joining many capabilities together can produce many more complex and powerful outcomes.

The matrix is also a way for teams to visually demonstrate to other key stakeholders where they are in their automation journey. Soon after implementing a few capabilities, your team will understand which capabilities they're utilizing most, the associated activities, and their value, such as time saved or reduced response time, enabling you to decide what to prioritize next. As the matrix matures, our Tines Labs team plans to break down capabilities by organization size and industry and share that research with the community.

Check back soon for more blog posts with tips for utilizing the Automation Capability Matrix in your organization.
