Joseph Blankenship, vice president, research director, security and risk, Forrester Organizations must adopt a new approach to security automation that's tailor-made to address today's threats, says Joseph Blankenship, a vice president and research director at Forrester. SIEM tools provide SOC analysts with limited contextualized data as well as a disproportionate amount of false positives, he says. So the analysts need to use security analytics and other tools. “One of the things that we want the analytics to do for us is give us a better picture of what's real and what's not real,” Blankenship says. He advises organizations to liken security automation to an architecture and engineering exercise. “That requires that we examine what workflows look like, understand the types of threats that we're dealing with on a regular basis, know what kind of technology we have and design the automation to fit that.”