Security Orchestration Can Help Business SOAR

Threats to organisations are arriving thick and fast, and businesses often lack adequate or up-to-date controls to mitigate them. Compound this with data being shared across multiple silos, often unprotected, as employees look for easy ways to work with it, and the attack surface keeps growing.

Companies often react to incidents with 'knee-jerk' purchases, ending up with layered security systems and multiple data packages that all struggle to synchronise with each other, with little holistic forethought.
 
Because data and computing reside in so many different environments, manually monitoring every possible attack vector is challenging, and becomes more so every day. As a result, many organisations struggle to keep their security posture current, are disorganised, or lack the processes needed to support a coordinated security operation. The result is inefficiency, rising budgets and a demand for cybersecurity professionals that outpaces supply.

Conventional Approach

The security model used by many enterprises is to monitor IT environments as if they were separate systems: one cloud-hosted system has a different monitoring process from the next because each sits on a different vendor platform with its own locally provided monitoring. This is inefficient and lengthens incident response times for security events, and slower response damages the business.
  
A New Approach

Companies should adopt a unified cyber strategy spanning architecture, acquisitions and mergers, and regulatory compliance, to reduce risk across the business.

A unified security solution, tailored to the organisation's environment, reduces blind spots and gives a comprehensive view across the enterprise. Equally vital are defences that can counter hybrid attacks combining insider, supply-chain and technical vectors across the estate, since sophisticated, target-driven actors routinely open such attacks with spear phishing.
 
Automation can help by increasing the speed, consistency, quality and reliability of tasks, helping teams keep pace with evolving attackers and with a company's ever-changing technical environment as it grows. Companies can apply automation across many areas of their systems and use it for a variety of deployment and operational use cases, such as onboarding new staff, ensuring they are granted the correct credentials for their role, even assigning a laptop and desk. It is not just a security tool.
 
Using automation to accelerate detection of and response to malicious cyber activity helps organisations improve operational resilience and make the most of limited cybersecurity resources, while keeping up with the increasing volume, variety and velocity of cyber-attacks.
 
Security orchestration, automation and response (SOAR) is a method of connecting disparate security tools, teams and infrastructure so that security operations and incident response run as seamless, process-driven workflows.
 
A SOAR solution can help transform an organisation's security posture with a scalable, intelligent platform for extended security orchestration, automation and response. By offering a single platform to manage cases and collaborate on investigations, a SOAR system improves the efficiency of security operations. It can use machine learning to support functions such as incident classification, and it lists next steps according to the organisation's standard operating procedure (SOP).

Playbooks let the SOAR system carry out predefined actions, such as raising a change request, blocking an attack or feeding a ticketing system. A playbook's objective is to automate processes that do not need full supervision, taking over many routine tasks; actions that change production state, such as blocking an address, should keep an approval step. Many playbooks are available off the shelf, but they can also be created easily with straightforward flow maps, quickly encoding company-specific processes in the SOAR.
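To make the playbook idea concrete, here is an added example written for this article; it is not code from any SOAR vendor or from the author. It models a playbook as an ordered list of steps (enrich, classify, decide) run over a constructed alert. The threat-intelligence table, the never-block network list, the SOP rule that only ticketing and SOC notification may run unattended, and the P1/P3 priority thresholds are all assumptions chosen for illustration.

```python
"""Minimal SOAR-style playbook runner (added illustration, not vendor code).

A playbook is an ordered list of steps. Each step receives the alert and the
context accumulated so far, and may enrich the context or return actions.
Actions the SOP marks as safe run automatically; anything else (notably
blocking) is parked for analyst approval instead of being executed.
"""
from dataclasses import dataclass, field
import ipaddress

# Constructed SOP: only these actions may run without a human in the loop.
AUTO_APPROVED = {"create_ticket", "notify_soc"}

# Constructed allow-list: never auto-block internal ranges or a key partner.
NEVER_BLOCK = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Constructed threat-intel table standing in for a real enrichment API.
THREAT_INTEL = {"198.51.100.7": {"score": 92, "tags": ["c2"]}}


@dataclass
class Alert:
    id: str
    source_ip: str
    rule: str
    severity: str  # "low" | "medium" | "high"


@dataclass
class RunResult:
    actions: list = field(default_factory=list)   # executed automatically
    pending: list = field(default_factory=list)   # awaiting analyst approval
    context: dict = field(default_factory=dict)   # enrichment shared by steps


def enrich(alert, ctx):
    """Look up the source address; unknown addresses get a zero score."""
    ctx["intel"] = THREAT_INTEL.get(alert.source_ip, {"score": 0, "tags": []})
    return []


def classify(alert, ctx):
    """Assumed SOP: P1 if intel score >= 80 or the alert itself is high severity."""
    score = ctx["intel"]["score"]
    ctx["priority"] = "P1" if score >= 80 or alert.severity == "high" else "P3"
    return []


def decide(alert, ctx):
    """Every alert gets a ticket; P1 alerts also page the SOC and propose a block."""
    actions = [("create_ticket", alert.id)]
    if ctx["priority"] == "P1":
        actions.append(("notify_soc", alert.id))
        ip = ipaddress.ip_address(alert.source_ip)
        # The allow-list check is the safety rail: a playbook that can block
        # must not be able to cut off the organisation's own address space.
        if not any(ip in net for net in NEVER_BLOCK):
            actions.append(("block_ip", alert.source_ip))
    return actions


PLAYBOOK = [enrich, classify, decide]


def run_playbook(alert, steps=PLAYBOOK):
    """Run each step in order, routing actions by the SOP's approval rule."""
    result = RunResult()
    for step in steps:
        for action in step(alert, result.context):
            if action[0] in AUTO_APPROVED:
                result.actions.append(action)
            else:
                result.pending.append(action)
    return result


if __name__ == "__main__":
    # Constructed alert: a DNS-beacon rule fired on a known C2 address.
    res = run_playbook(Alert("A-1", "198.51.100.7", "dns-beacon", "medium"))
    print("priority:", res.context["priority"])
    print("auto:", res.actions)
    print("pending approval:", res.pending)
```

The split between `actions` and `pending` is the point: the same playbook runs end to end without supervision for the routine work (ticket, notification) while the state-changing step waits for a decision, and the allow-list stops an over-eager block even when an analyst does approve it. Swapping the in-memory tables for real connectors does not change the flow.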

Benefits of Automating Cybersecurity

Automating cybersecurity with a SOAR system simplifies operations, empowers the business and reduces exposure to threats. Risk falls through earlier detection of malicious activity, improved resilience and performance, and wider monitoring coverage built on standardised best practice. That translates directly into return on investment: lower mean time to detect (MTTD) an incident, lower mean time to respond (MTTR) and automated mitigations that ease the burden on support teams.

Conclusion

Organisations of every size and type can find significant value in automating frequently executed, simple but error-prone tasks. Automation also provides a single-pane-of-glass view of the enterprise, so operations teams no longer need to log into multiple platforms to piece together an overall picture. Consider the many systems involved in adding a new user: equipment, access rights and onboarding functions such as training.
 
Automation specific to the security layer focuses on four high-level use cases: deployment, configuration, response and assessment. With one consolidated view of the IT landscape, an attack can be contained before it takes hold, all parties informed and risk dramatically cut. One powerful but under-used attribute is support for migrating between systems, such as moving rule sets from one firewall vendor to another. Such tasks can take weeks by hand; with a SOAR they can be reduced to hours.

Colin Tankard is  Managing Director of Digital Pathways
