Skip to Content
Security Oct 13, 2022

Important lessons from our cybersecurity automation journey

By Tris Morgan Director of Global advisory, BT

Machine Learning, AI and automation are such a vital part of our cyber defence strategy today, that it’s sometimes easy to forget how we got here.

Looking back, our automation story began in the early 2000s. We’d started to notice recurring patterns on our network, usually just before a customer reported a failure on their broadband or telephone line. So rather than keep fixing the problem reactively, we decided to investigate a way to automate a process that could detect these patterns and prevent failures before they happened.

As our earliest large-scale automation, it took the pressure off our engineers and reduced faults which improved our customers’ satisfaction. Plus, it taught us a valuable lesson, that with the right data and people we can free up our engineers, and their expertise, to focus on more complex tasks.

Introducing security automation

From here, we started exploring all the areas that automation could provide benefits for our organisation. That’s why in 2018, we began our automation journey in our Security Operations Centres (SOCs). Unlike many other companies, our SOCs managed both internal and external security so we realised we had access to this incredible set of data to automate internal and external security as one.

With this data, we set out to harmonise the customer experience when changes or incidents were handled in different or multiple locations. We wanted to save time by improving our analysts’ efficiency and provide great experiences for customers while automating best practice. But the reality was not so straightforward.

Learning from setbacks

Our initial achievements didn’t match our ambitions. It was a big learning curve for us, and we discovered some key lessons from the start of our automation journey that went on to significantly change our approach:

  • Never try to automate a complex process that’s not fully understood – it simply creates even more complexity
  • Always take incremental steps - find marginal gains in existing processes to deliver real improvements
  • Never accept that a system is perfect – automation is a continuous learning and improvement process
  • Automation isn’t a solo task – for success, people need to pull together and collaborate around a common mission.

Discovering unexpected benefits

We also uncovered a number of unexpected benefits in a variety of areas. Across our analyst teams, the drive to collaborate around automation boosted our team’s morale, satisfaction went up and in turn this helped drive better retention, greater focus and ultimately better experiences for our customers who worked with them. Plus, there were also considerable cost and time savings.

Using these learnings, we’ve now automated large sections of our key playbooks for a more consistent experience. It��s saved us significant handling time on many simple service requests and incidents, freeing up our analysts to focus on more critical work. In a few cases, we’ve even been able to significantly reduce the number of different systems our analysts use to resolve a situation.

Informing our present

Our cybersecurity platform Eagle-i is the direct result of all our years of experience and learning. As our most sophisticated cybersecurity platform yet, it’s built as a response to today’s increasingly complex threat landscape.

Eagle-i has the unique ability to use automated decision making so that it can learn from each intervention and constantly improve its threat knowledge to protect our customers. It can prevent attacks before they inflict damage.

You can find out more about our next-generation security platform here.

As the number of cyber threats continues to increase, it is no longer possible to manually react to all the alerts. This is why we’ve embedded cyber threat intelligence in the heart of our transformational cybersecurity platform - Eagle-i – which will underpin all of our managed security services going forward.

Get in touch with your account manager to explore what cyber threat intelligence and our managed security services can do for your organisation.