No-code vs. low-code and near-no-code security automation

It seems that “no-code” is a term we hear more often in the security automation context these days. While it’s not quite a popular concept, it is nonetheless worth discussing. And this is especially true because automation has become one of the major talking points in cybersecurity.

How is no-code automation implemented in cybersecurity? How do no-code and Sumo Logic automation compare to each other? Why does Sumo Logic make it unnecessary to have developers in your organization, being a near-no-code solution? We’ll discuss all these questions in the following sections.

Despite no-code and near-no-code being our focus, we will also examine low-code and full-code automation. These concepts are closely related and will help you gain a better insight into automation.

Three types of security automation

We define the main concepts in our discussion of security automation in the following way:

• No-code automation means you can automate an entire workflow and add integrations, as an indispensable part, without using code and relying on developers altogether. Moreover, you can achieve this feat without any coding knowledge and skill.

• Low-code or near-no-code automation means you can automate a workflow and integrate new tools easily using code and relying on developers. In this case, automation is extensively but not entirely code-independent.

• Full-code automation is automation entirely dependent on code. In other words, to create automated workflows and add integrations, you rely on coding and developers throughout the entire process.

If you're already familiar with no-code, low-code and full-code automation in cybersecurity, you can discover more about Sumo Logic's unique approach by jumping ahead to the Going above and beyond: automation without developers section.

The current state of affairs: no-code vs. full-code vs. low-code security automation

No-code automation

Codeless automation solutions seem easy to use, but the ease of use comes with a trade-off: severely limited flexibility and customizability. They offer exclusively ready-made integrations and pre-built workflows with only a narrow application in the gazillion possible real-world scenarios.

Customizability and flexibility are critical to building a scalable and robust security posture in a fluctuating cybersecurity landscape. Therefore, from security operation centers’ standpoint, this trade-off can be a colossal drawback and a reason to look beyond no-code automation.

Besides, in cybersecurity, maximum accessibility sounds more like a to-do list item than a reality. It is hard to imagine anyone besides a security professional in charge of automation, no matter how high the level of technology abstraction is.

Full-code automation

Unlike no-code, full-code automation is highly customizable precisely because it is implemented through code. On the flip side, it is time-consuming, complex, and requires experts’ help, which affects the user experience.

Due to its complexity and suboptimal user experience, full-code automation is hardly acceptable in today’s excessively complex cyber environment.

Low-code / near-no-code automation

Low-code is somewhere in between no-code and full-code automation. It is highly flexible—as low-code development has proved elsewhere—and it helps you avoid the pitfalls of both.

Near-no-code solutions allow you to use as much custom code as necessary to adjust a workflow and extend integration options. But they also include a visual editor where you can edit pre-built playbooks or create brand-new workflows, which makes them user-friendly.

Unlike no-code, low-code solutions have richer integration libraries. More importantly, they provide on-demand integrations through simple code. In addition, they include advanced reporting still missing in no-code solutions. Almost the same applies to case management.

Compared to full-code automation, the visual interface makes them far more user-friendly, easier to use, and appealing.

Why no-code security automation can’t exist

No-code security automation can’t exist in the long term because cybersecurity processes and vendors' APIs evolve.

Flexibility in building integrations is vital for security automation. But it is hard to imagine how you can have flexibility without the possibility of using code. Users often ask for actions that work differently or require different logic than the common. A generic “one size fits all” approach simply doesn’t work well in practice.

Concerning cybersecurity tools integration, Sumo Logic is aware that APIs change and businesses evolve, and so do the processes that protect those businesses.

For example, security professionals may want to:

• Extend integrations’ action functionalities and go beyond standard actions

• Modify action parameters by changing the name or order of inputs, adding personalized hints and default values, creating new fields, and more

• Personalize action results, for instance, by removing the fields they don’t need

• Create custom table views by filtering and grouping the available data in an organized way, allowing them to see only the most relevant information

• Refactor in case integrated technologies evolve—for example, if APIs or endpoints change

Sumo Logic’s Cloud SOAR offers all these possibilities and then some to its customers. In contrast, no-code solutions cannot provide these options due to their nature (if they want to keep identifying as authentic no-code automation tools).

So, if we think about automation in terms of creating playbooks, no-code is not just possible but is becoming a widespread phenomenon. As we’ve seen, creating playbooks without code is part of a near-no-code / low-code platform, not just a no-code tool feature set.

On the other hand, in terms of integrations as essential components of automated workflows, no-code automation cannot exist. When we say it cannot exist, we mean it is unviable because integrations depend on a stack of variables that entail adjustments, and you cannot make adjustments without changing the code.

Going above and beyond: security automation without developers

Low-code automation sounds almost like the ideal solution. Where can you go further from there?

The answer is the Sumo Logic approach to security automation.

Sumo Logic and low-code tools resemble each other. They both include no-code automation’s main advantages, allowing you to use playbooks out of the box and install tools from an integrations library without ever using code. The profound difference, however, is that the Sumo Logic team develops all the new connectors you need, which makes having developers on your team optional.

That means Sumo Logic goes further than a near-no-code or low-code platform. It allows users to employ code for automation and integration purposes without them necessarily being the ones who develop the code.

For a more precise and complete picture, Sumo Logic achieves this through its SOAR solution, which includes:

• Pre-built customizable automated workflows, i.e., playbooks

• A user-friendly visual editor where you can create new playbooks and customize the existing ones without code

• A stack of customizable ready-to-use integrations

• Ability to add new integrations or tailor existing ones through code implemented by the Sumo Logic team itself

The last point is paramount as it explains why you don’t need to rely on developers, even if you need to use code for automation and integration purposes. The Sumo Logic team covers everything customers need, including the development part, thus creating a highly convenient customer experience.

Sumo Logic Cloud SOAR: automation with or without developers

Sumo Logic Cloud SOAR offers maximum integration flexibility. It includes the advantages of a near-no code platform, plus every upside of no-code tools.

Open Integration Framework

If your team has experience with code, you can leverage Cloud SOAR’s Open Integration Framework (OIF). It is one of the most valuable assets of Sumo Logic’s SOAR. The OIF is a graphical environment that includes a full-fledged IDE and supports multiple languages: Python, Perl, PowerShell, Bash scripting, and YAML.

The OIF is where you change existing code, add new code, and define custom actions. Anyone can access it and effortlessly develop a wealth of new connectors. Nonetheless, the Sumo Logic Cloud SOAR team provides the necessary training for in-house developers to get the most out of the OIF.

Near-no-code Cloud SOAR

Cloud SOAR is built for maximum efficiency so that you achieve a lot with little, almost no code.

Sumo Logic’s SOAR allows you to create integrations via Docker containers. Building a new connector is as straightforward as:

1. Creating an integration definition container through the OIF, which allows you to upload individual action files

2. Coding an action in the integration action files using one of the supported scripting languages

3. Choosing a Docker container you want your integration to be executed in, using different third-party libraries in the process

Troubleshooting integration issues is a breeze. Cloud SOAR tells you the exact error it encounters (authentication, credentials, and others) whenever it interacts with external tools or services and something goes wrong. If it is a code-related input error, the SOAR indicates the line or parameter that requires editing.

Leverage Cloud SOAR’s free support

On the other hand, if you don’t have developers on your team, Sumo Logic adds or modifies any actions you need, but keep in mind that this perk applies to commercial products with well-defined API documentation. For all other functionalities, from creating playbooks to generating reports, you don’t need code—Cloud SOAR is no-code through and through.

On top of this, the experienced Sumo Logic team makes your Cloud SOAR implementation highly convenient by providing different onboarding packages and support, thereby assuring high implementation speed.

Tips and takeaways

The ability to modify code is critical to an efficient SOC because it leads to flexibility and customizability.

No-code has its merits. However, once a user’s needs become more complex and sophisticated, it is hard to imagine how a no-code security solution catches up with customers’ requests. For this reason, Sumo Logic, through its SOAR solution, offers both: near-no-code automation features and ease of integration.

Check out our Illuminate 2022 video for more information on the Sumo Logic automation vs. no-code security automation. And if you want to prepare for an automation project, learn how to make the most of automation with Cloud SOAR—we would be happy to help.