India’s rapid digitalisation is driving network automation, with the latest software increasingly being used to configure and manage network infrastructure. However, this surge in digital adoption has been accompanied by a corresponding rise in cybersecurity threats, prompting enterprises to rethink their network protection strategies.

As per the Data Security Council of India’s recent report, the country witnessed over 370 million malware attacks in 2024, averaging 702 detections every minute. In just the first quarter of 2025, cyberattack detections exceeded 369 million, placing India second globally in terms of attack volume. In addition, threat actors are becoming more sophisticated, leveraging modern technologies such as artificial intelligence (AI) to launch automated attacks that are increasingly difficult to detect. In this evolving threat landscape, secure network automation is no longer a luxury – it has become a necessity.

Network automation and security

Network automation introduces new security risks that can compromise network performance and stability, potentially undermining its intended benefits. Traditional networks have relied on manual safeguard methods, often focusing on maintaining data confidentiality, integrity and availability through access control and threat detection. In contrast, modern networks demand that security be embedded into the automation process itself. This includes securing automated policy changes, ensuring configurations are secure by design, and applying security policies consistently across the network through automation. This translates to automated configuration validation, continuous system monitoring and accelerated threat response. Furthermore, the automation tools and scripts must be safeguarded against tampering, with strict access controls over use and execution.

When implemented effectively, automation can improve network security by predicting and mitigating threats without human intervention. Consider distributed denial-of-service (DDoS) attacks: deliberate attempts to overwhelm a targeted server or network with excessive internet traffic from multiple sources, often through botnets, making it inaccessible to legitimate users. Indian telecom networks have seen a significant rise in such attacks in recent years. However, with automation, these networks can be programmed to reroute traffic or activate DDoS mitigation protocols the moment an attack is detected, eliminating the need for manual intervention. This ensures service continuity and improves cost efficiency for enterprises.

Zero-trust principles

The zero-trust philosophy is becoming increasingly common in network security. A zero-trust networking framework is built on the core principle of “never trust, always verify”. Unlike traditional security models, which often assume that internal network traffic is inherently safe, zero trust requires every access request, whether internal or external, to undergo continuous authentication and validation. This approach is critical for ensuring robust network security and is typically implemented through mechanisms such as automated access controls, continuous identity verification and network micro-segmentation. Additionally, real-time analytics and AI-driven policy enforcement help maintain consistent and robust security across increasingly complex and distributed network infrastructures.

Solutions for securing network automation

To strengthen network security amid cyberthreats, enterprises are adopting several key technologies. These include:

Security orchestration, automation and response (SOAR): SOAR refers to a suite of tools designed to enhance the management and resolution of security incidents. SOAR platforms integrate various security tools and processes, automate repetitive tasks and coordinate responses to incidents in order to improve overall security operations. SOAR plays a key role in modern cybersecurity given the growing volume and complexity of security threats. By automating routine tasks and orchestrating responses, SOAR reduces the burden on security teams, enhances incident response times and ensures a more proactive security posture.

Policy as code (PaC): This method applies automation to define, enforce and update security policies through code, rather than entering them into systems manually. PaC allows infrastructure and security policies to be written as configuration files, making them reproducible and easier to audit. This consistency helps ensure compliance across different environments and simplifies updates when regulations or threat profiles change. PaC ensures that policies are consistent across environments and reduces configuration drift. For instance, if a compliance rule changes, an engineer can update the policy code and an automation tool will update all relevant network devices or cloud settings.

Intent-based networking (IBN): IBN combines AI and machine learning (ML) to automate network configuration and management in line with business objectives. It allows administrators to set high-level goals, which the system translates into specific configurations. By anticipating and addressing issues such as breaches or anomalies before they escalate, IBN enhances network resilience and simplifies the management of complex digital infrastructures.

Micro-segmentation: This approach involves dividing the network into separate isolated segments, each governed by its own security rules. It is particularly effective in cloud environments. Micro-segmentation limits the lateral movement of attackers within the network. Even if one segment is compromised, others remain secure, thereby preventing a full-scale network breach.

Network detection and response: Developed to detect and mitigate advanced threats that bypass traditional security measures, these solutions use behavioural analytics and ML to monitor network traffic and flag anomalies in the network. By establishing a baseline of normal activity, these systems can identify suspicious behaviours associated with malware, targeted attacks, or insider threats, playing a critical role in an increasingly automated landscape.
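The policy-as-code idea described above can be sketched in a few lines. This is an added example, not code from the article or any product it mentions: the policy rules, device names and settings are all constructed, and the `eq`/`min` operators are a hypothetical minimal rule language. It audits every device against one policy document and treats a missing setting as a violation rather than as compliance.

```python
# Added example: policy as code. Policy, device names and settings are constructed.
POLICY = {
    "version": "2025-01",
    "rules": [
        {"id": "MGMT-01", "key": "telnet.enabled", "op": "eq", "value": False},
        {"id": "LOG-01", "key": "logging.retention_days", "op": "min", "value": 180},
        {"id": "SEG-01", "key": "acl.default_action", "op": "eq", "value": "deny"},
    ],
}

DEVICES = {
    "edge-rtr-1": {"telnet": {"enabled": False}, "logging": {"retention_days": 365},
                   "acl": {"default_action": "deny"}},
    "core-sw-2": {"telnet": {"enabled": True}, "logging": {"retention_days": 30},
                  "acl": {"default_action": "permit"}},
    # No telnet setting at all: the audit must not treat silence as compliance.
    "branch-fw-3": {"logging": {"retention_days": 180},
                    "acl": {"default_action": "deny"}},
}

_MISSING = object()

def lookup(config, dotted_key):
    """Walk a nested config dict by dotted path; return _MISSING if absent."""
    node = config
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node

def violates(rule, config):
    """True when the device setting is absent or fails the rule (fail closed)."""
    actual = lookup(config, rule["key"])
    if actual is _MISSING:
        return True
    if rule["op"] == "eq":
        return actual != rule["value"]
    if rule["op"] == "min":
        return not isinstance(actual, int) or actual < rule["value"]
    raise ValueError(f"unknown operator: {rule['op']}")

def audit(policy, devices):
    """Map each device name to the sorted list of rule ids it violates."""
    return {name: sorted(r["id"] for r in policy["rules"] if violates(r, cfg))
            for name, cfg in devices.items()}

if __name__ == "__main__":
    for device, failed in audit(POLICY, DEVICES).items():
        print(device, "compliant" if not failed else f"drift: {failed}")
```

Raising the `value` of a rule in `POLICY` and re-running `audit` re-evaluates every device against the new requirement, which is the "update the policy code" step the paragraph describes.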

Government policies and compliance

India’s cybersecurity regulations have evolved rapidly to address emerging threats, significantly impacting how organisations implement network automation. Regulatory frameworks now demand faster threat response and stricter control mechanisms, prompting firms to automate compliance processes.

The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, serves as the national agency for handling cybersecurity incidents. Since its establishment in 2004, CERT-In has issued alerts, conducted vulnerability assessments and offered technical support across sectors. The agency also collaborates with domestic and international stakeholders to strengthen the country’s cyber defence posture. One of its core responsibilities is monitoring India’s digital infrastructure to detect malicious activity. In case of a breach, CERT-In acts as the central reporting authority, working alongside relevant public and private entities to manage the response. As per the latest guidelines, issued on April 28, 2022, all service providers, intermediaries, data centre operators, body corporates and government organisations are required to report cyber incidents to CERT-In within six hours of detection or notification. Therefore, to comply with such strict timelines, many companies have now automated their log retention and analysis, feeding real-time data into centralised security systems for faster incident detection and reporting.

Similarly, the Digital Personal Data Protection (DPDP) Act, enacted in 2023, underscores the need for robust security protocols. It mandates that organisations implement “reasonable security safeguards” to protect personal data and imposes heavy penalties for data breaches. In response, firms are increasingly turning to automation tools, such as PaC, to enforce data localisation, access controls and encryption. Automated monitoring of data flows and the use of predefined incident response playbooks also support regulatory compliance, mitigating legal exposure in the event of a breach.

Challenges

While these security measures and regulations are essential, their implementation presents several challenges. A significant hurdle is the lack of skilled professionals, particularly those with expertise in both networking and cybersecurity. As per the latest industry estimates, India needs over 1.5 million cybersecurity professionals to meet the growing demand. This talent shortfall increases the risk of misconfigurations, especially when automation systems are deployed without adequate knowledge, potentially creating new vulnerabilities instead of resolving existing ones.

Legacy systems pose another major barrier. Many Indian enterprises, particularly in sectors such as banking, telecom and manufacturing, still rely on outdated technologies that are not compatible with modern automation frameworks. These legacy systems are not only difficult to automate but also lack the security features required to protect against contemporary threats, thereby expanding the risk landscape.

Tool fragmentation also presents a challenge. For example, organisations often use separate platforms for firewall management, intrusion detection and cloud security. These systems function in silos, making it difficult to establish consistent security policies or automate incident response across the entire network. The result is often referred to as the “Frankenstein problem”, a disconnected mix of tools that complicates integration and undermines operational efficiency.

The way forward

As India advances on its digital transformation journey, secure network automation will be crucial for maintaining performance, ensuring compliance and building resilience against growing cyberthreats. The country’s network security market is projected to grow from its current valuation of $1.3 billion to $4.5 billion by 2033, reflecting a CAGR of 14.5 per cent over the period 2025-33.

To stay ahead, enterprises must invest not only in automation tools but also in skilled personnel, unified architectures and integrated security strategies. A holistic approach, combining zero-trust principles, AI-driven threat detection and PaC practices, can help build networks that are both agile and secure. Further, strengthening collaboration between the public and private sectors, promoting local innovation, and embedding cybersecurity into every layer of the automation life cycle will be essential to ensure that automation delivers not just speed and scale, but also safety and trust.