Security Orchestration Can Help Business SOAR

Uploaded on 2021-07-27 in TECHNOLOGY--Resilience, FREE TO VIEW

Threats to organisations are coming thick and fast and often businesses do not have adequate or up-to-date solutions to mitigate them. Then, couple it with data being shared in multiple silos, often unprotected, as employees try to find easy ways to work with data.

Companies often have a ‘knee jerk’ reaction to controlling their networks, finding themselves with layered security systems, multiple data packages, all trying to synchronise with each other, with little holistic forethought.   
 
Because data and computing reside in so many different environments, manually monitoring all possible attack vectors is challenging, and getting more so every day. As a result, many organisations find it hard to keep their security posture up to date, are disorganised or lack processes to support a coordinated security operation. This results in inefficiencies, budget increases and the demand for cybersecurity professionals outpacing supply.

Conventional Approach

The security model used by many enterprises is to monitor IT environments as if they were separate systems, i.e. one cloud-based system will have a different monitoring process to another, as they are hosted on different vendor platforms with locally provided monitoring. This is inefficient and can damage incident response times for security events, which will damage the business.
  
A New Approach

Companies should adopt a unified cyber strategy across architecture, acquisition/merger and regulatory compliance, to reduce risks across the business. 

A united security solution, tailored to the organisation’s cyberspace environment, will reduce blind spots resulting in a comprehensive view across the enterprise. In addition, the deployment of cyber defences, that can prevent hybrid attack methods involving insider, supply chain and other technical attack vectors across the estate, are vital in defending against future sophisticated attacks involving malicious, target driven actors, using spear phishing techniques.
 
 Automation can help by increasing the speed, consistency, quality and reliability of tasks, helping to deal with evolving attackers and a company’s ever-changing technical environment as it grows. Companies can apply automation across many areas of their systems and use it for a variety of deployments and operational use cases, such as onboarding new staff, ensuring they are granted the correct credentials for their role, even assigning a laptop and desk. It is not just a security tool.
 
Using automation to accelerate detection and incident response for a malicious cyber activity will help organisations improve operational resilience and make the most of limited cybersecurity resources, while keeping up with the increasing volume, variety, and velocity of cyber-attacks.
 
Security orchestration (SOAR) is a method of connecting disparate security tools, teams and infrastructures for seamless, process-based security operations and incident response. 
 
A SOAR solution can help transition and transform an organisations security posture with a scalable, intelligent platform for extended security orchestration, automation, and response. By offering a single platform to manage cases and collaborate on investigations, a SOAR system optimises the efficiency of security operations. It uses machine learning to support functions such as incident classification and lists next steps according to the organisation's standard operating procedure (SOP). 

Playbooks empower the SOAR system to carry out a predefined action, including change management, blocking attacks or feeding into a ticketing system. The objective of a Playbook is to automate processes that do not need full supervision, hence taking over many routine tasks.  Many Playbooks are available, but they can be easily created using straightforward flow maps,  quickly adding company-specific process to the SOAR.   

Benefits of Automating Cybersecurity

Automating cybersecurity with a SOAR system creates a simplified operation, empowers the business and deters threats. This reduces the risk to the organisation through early detection of cyber activity, enhanced resilience, performance and greater scope of monitoring security-related information, using standardised best practices. This directly leads to a return on investment by reduced mean time to detect (MTTD) an incident, reduced mean time to respond (MTTR) and automated mitigations to ease the burden on support teams. 

Conclusion

All size and type of organisation can find significant value through automating frequently executed, simple-to-perform and error-prone tasks. It also provides a single pane of glass view of the enterprise, removing the need for operation teams to log into multiple platforms to try and gain an overall view. Consider the many systems needed to add a new user, providing them with all their equipment, access rights and other onboarding functions such as training.
 
Automation, specific to the security layer, focuses on four high-level use cases: deployment, configuration, response and assessment. By having one consolidated view of the IT landscape, any attack can be blocked before it takes hold, all parties made aware and risks dramatically cut. Probably its most powerful attribute, but not used regularly, is the ability to migrate to new systems, such as from one Firewall vendor to another. Such tasks can take weeks to accomplish, but with a SOAR it is hours.

Colin Tankard is  Managing Director of Digital Pathways

You Might Also Read: 

Five Ways Automation Can Help Fix The Cybersecurity Skills Shortage:

 

« The Semiconductor Shortage Is Causing Cyber Security Problems
Data Privacy Is Key To The Technology Battle With China »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Magic Software Enterprises

Magic Software Enterprises

Magic provide Mobile Device Management (MDM) for Secure Enterprise Mobility. Magic MDM overcomes the challenges of mobile device management security by protecting all of your devices, data and content

Sintef Digital

Sintef Digital

Sintef Digital carries out research in Information and Communication Technology for industry and the public sector.

TechDefence Labs

TechDefence Labs

TechDefence Labs provide pentesting and security assessment services for networks, web apps, mobile apps and source code reviews.

Perception Point

Perception Point

Perception Point is a Prevention-as-a-Service company, built to enable digital transformation. Our platform offers 360-degree protection against any type of content-based attack.

Sentropi

Sentropi

Sentropi is an online protection solution against charge backs, account takeovers, identity thefts and online scams.

StrongKey

StrongKey

StrongKey (formerly StrongAuth) is a leader in Enterprise Key Management Infrastructure, bringing new levels of capability and data security at a price point significantly lower than other solutions.

XTN Cognitive Security

XTN Cognitive Security

XTN is focused on the development of security, Fraud and Mobile Threat Prevention advanced behaviour-based solutions.

Dreamlab Technologies

Dreamlab Technologies

Dreamlab specialises in securing critical IT infrastructures. We offer qualitative support and advice for managing your infrastructure and cyber security needs.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

AUTOCRYPT

AUTOCRYPT

AUTOCRYPT is a mobility security provider dedicated to the safety of future transportation

National Cryptologic Foundation (NCF)

National Cryptologic Foundation (NCF)

The National Cryptologic Foundation strives to influence the cryptologic future by sharing our educational resources, stimulating new knowledge, and commemorating our heritage.

Cyber Management Alliance

Cyber Management Alliance

Cyber Management Alliance is closing the divide in cyberspace by bringing together the best qualities of thought leadership and operational mastery of cyber security management.

Telstra

Telstra

Telstra is one of the world's leading telecommunications and technology companies, offering a wider range of services from networks and cloud solutions to mobility and enterprise collaboration tools.

Josef Ressel Centre for Intelligent & Secure Industrial Automation

Josef Ressel Centre for Intelligent & Secure Industrial Automation

The Josef Ressel Centre for Intelligent and Secure Industrial Automation investigates the fundamentals of digital assistants for industrial machines that enable intelligent and secure operation.

VISO Cyber Security

VISO Cyber Security

VISO provide Cyber Security Consulting and CISO as a Service to companies who need to augment their leadership teams with information security expertise.

Hushmesh

Hushmesh

Hushmesh is a start-up aimed at securing the world’s digital infrastructure by developing develop the Mesh, a global information space with automated security built in.