How to automate security operations

Last updated: September 15, 2025

An avatar of the author
Katie Burton
Bar chart titled "Most Are Still Hammering Away..." showing survey percentages for manual operations: Manual w/ limited autom

Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog

Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

This article discusses challenges and best practices for automating security operations, highlighting that manual tasks still dominate despite advances in security devices and overlays. It explains why task validation and repeatable scripting are prerequisites for reliable automation in heterogeneous device environments lacking consistent APIs, and outlines operational impacts such as reduced downtime and fewer security breaches when scripts are properly developed and tested. The piece advocates combining crowd-sourced expertise with network security policy orchestration and validation platforms to speed automation adoption and maintain compliance and productivity.

Why does the article say manual tasks still dominate security operations despite advanced devices and overlays?

The article points out that although security devices and overlay technologies have advanced, the architectures of many devices lack consistent APIs and programmable components. This inconsistency forces teams to create custom scripts for each device or OS, which is labor-intensive and fragile. As a result, organizations continue to rely on manual tasks because automation is difficult to implement reliably across heterogeneous devices without repeatable, validated scripting and supporting tooling.

What are the main causes of scripts breaking in security automation projects?

According to the article, scripts commonly break when the underlying device operating system is upgraded, when new features are enabled, or when administrator changes introduce different command styles — analogous to language differences in human communication. These scenarios, among other unspecified changes, create fragility in custom scripts. The lack of standardized, programmable interfaces means each change can necessitate script updates, increasing risk of security breaches and network downtime.

What practical steps does the article recommend to create repeatable scripts before automating tasks?

The article recommends establishing skilled coders for target security devices and instituting a peer-review process by subject-matter experts before code is deployed. It advises performing both manual and automated testing of scripts prior to production approval and maintaining a repository of reusable rules and scripts to reduce duplication. The piece also suggests leveraging platforms that combine policy orchestration with task validation and tapping into community expertise to ensure best practices for security and compliance from the start.

Since you are interested in automating security operations, listen to this Intel Chip Chat with Indeni’s CEO, Yoni Leitersdorf. He discusses trends in network operations and automation.

+++

Follow up to 451 Research Webinar with Tufin

In a recent webinar by 451 Research and Tufin, they shared a graph that resonated with us quite a bit. Despite the advancements in security devices and overlay technologies, manual tasks still dominate day to day for security operations and engineering.

View Webinar presentation here

“The challenge for InfoSec environments is that we need to get our teams to do more with the capabilities they have. One of the biggest things to do.. is validating what you already have in place” – Eric Hanselman, Chief Analyst at 451 Research

How to Automate Task Validation

One of the reasons it is so difficult to implement automation across security devices, such as firewalls, is due to the architecture of the devices themselves. We discussed in more detail the lack of APIs and consistency in operating systems in a previous post here. In short, if you are working with a device that does not have programmable components, you will be recreating the scripting wheel every time you write a command.

Custom scripting leads to security breaches and network downtime

Scripts will break in many scenarios sometimes including:

  • When you upgrade to a new operating system
  • When you enable new features
  • When you change administrators (Fun fact for non-techies: Similar to human-to-human communication, there are many languages to use when communicating with a device)
  • Countless others ?

Before achieving task automation, you must first create quality, repeatable scripts. Only then can you automate the execution of pulling or pushing commands to these devices.

How to make repeatable scripts:

  • Have a person (or team) who can code to your security devices
  • Implement a peer review process by subject matter experts before code is used
  • Perform manual and automated testing of code before approving for production
  • Create a repository of rules and scripts to allow for reuse where possible (For example Juniper provides a number of security, switching and routing products that use the same operating system JUNOS)

Crowd-sourcing + Network Security Policy Orchestration = Productivity

If you are considering policy orchestration, you should also consider a platform that includes task validation to assist building a strong foundation. By implementing an agile but consistent development process at the scripting level, you can tap into the largest community of IT certified professionals, and ensure industry best practices for security and compliance are in place at the start of your automation journey.

Learn more about Indeni network automation solutions here.

If you found this useful please share with your community by clicking the social icons at the top of the page. Thanks!

Published on: February 16, 2018

An avatar of the author

Related content

Close-up of interlocked metal chain links symbolizing connected network objects and relationships in IPAM
Blog

How to map your network with user-defined links in Integrity X

Map your network with user-defined links in Integrity X to define and manage custom relationships, such as dual-stack and NAT environments.

Read more
Flock of geese flying in formation across a blue sky, framed by a pink graphic border, symbolizing coordinated network migrat
Blog

Automate your DDI modernization path by migrating with Micetro

Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.

Read more
Three armored figures walking toward a futuristic Las Vegas skyline with pyramids, glowing orb, and "Welcome to Fabulous Las
Blog

Your journey to intelligent NetOps begins at Cisco Live

Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.

Read more
Stacked colorful wooden directional arrows on a post by a calm seaside with distant hills and blue sky
Blog

Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)

Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.

Read more