SOARing in The Networks

THROUGH THE NETWORK
From processes to technology, SOAR modernizes network security

Sponsored by
There are few who would claim that cybersecurity is easy. Far from it. Thus, the impulse to automate and improve cybersecurity operations is being actualized with the growing adoption of SOAR — security orchestration, automation and response — platforms to help organizations ensure good cybersecurity practices and optimal results.

The promise of SOAR is that it will help automate the tasks or functions central to cybersecurity threat detection with little or no human intervention, while orchestrating the disparate products and response tasks via workflows. And it is catching on.

In Accenture Security’s recently released State of Cyber Resilience Report, a poll of more than 4,600 enterprise security practitioners found SOAR is currently ranked solidly in the top three cybersecurity technologies.

“From my perspective, SOAR represents an evolution and alignment with the other types of security automation such as configuration management,” says Doug Barbin, principal at Schellman & Company [...] network and cybersecurity and emerging technologies [...]. Barbin explains that SOAR information targets can include logs, network connections, files and drive images, all of which need to be preserved in a forensically sound manner. “So,” Barbin says, “in that respect, it is imperative the SOAR platforms integrate with as many existing security and operating technologies as possible.”

More importantly, says Barbin, incident response is about communication and coordination. Response teams need a secure and trusted means to collaborate utilizing channels that are not at risk of compromise during an incident.

“I actually hate the term SOAR,” says John Oltsik, senior principal analyst at Enterprise Strategy Group in Milford, Mass., noting that the term originally came from competitor Gartner. “Really, what we are talking about here starts with the process, not the technology. The technology is what you can use to modernize your processes,” he explains.

OUR EXPERTS: SOAR
Doug Barbin, principal, Schellman & Company
Tim Callahan, CISO, Aflac
Terry Jost, managing director, Protiviti
Lena Licata, director, EisnerAmper
John Oltsik, senior principal analyst, Enterprise Strategy Group
Kimberly Verska, CIO and managing partner, Culhane Meadows
Shanchieh “Jay” Yang, professor, Rochester Institute of Technology
Umesh Yerram, vice president, chief data protection officer, AmerisourceBergen

$6T
By 2021 it is estimated that it could cost up to $6 trillion to fight cybercrime
– Cybersecurity Ventures
In addition, Terry Jost, managing director at Protiviti, suggests five aspects of implementation that should be considered with SOAR:

1. Consider focusing on the most critical cyberthreats and protection of the most critical assets.
2. Creating top-down governance structures assures consistent operations.
3. In order to avoid over-investing and over-developing integration scenarios, it is important to reach an agreement on the target maturity levels of your operations. In general, the more mature your organization, the greater the benefit you will receive from SOAR.
4. Do not forget to construct governance layers, as most tools will require administrator privileges, and plan for changing approval levels. In other words, don’t simply provide unlimited access to everyone. Adjust as roles change.
5. It is important to create a comprehensive set of use cases to test the resulting function of the overall SOAR.

—AE

$2.5M
Maximum estimated costs of unplanned application downtime per year
– IDC

80%
Percentage of data breaches caused by compromised privileged credentials
– Forrester
SOARing in the Cloud

When security teams first deploy security orchestration, automation and response (SOAR), they typically focus on common use cases, such as phishing attacks or security information and event management (SIEM) alert triage. By automating these critical but time-consuming tasks, security operations centers (SOCs) are enabled to focus on higher-value investigations and analyses while reducing the organization’s overall mean time to detect and respond (MTTD/MTTR).

But it is not enough to orchestrate and automate critical processes. The SOC must be able to adapt to an evolving threat landscape and security marketplace.

Every day, organizations are moving their on-premises applications and services to *aaS and cloud-based service providers, requiring their SOC teams to adapt accordingly. This means the SOAR platform your team has or plans to deploy must also be able to change and scale with your organization’s evolving needs—a SOAR solution that doesn’t care where it’s implemented.

As you consider your organization’s current needs and attempt to anticipate what’s to come, you should ensure the SOAR solutions you are evaluating offer:

1. Customizable case management capabilities that can fit your organization’s operational and business processes and procedures, both now and in the future.
2. A robust catalog of integrations that work with your on-premises and cloud-based services while helping you avoid vendor lock-in.
3. The ability to be deployed in a high availability environment—including a microservices architecture. A container-based deployment, including Kubernetes, means it can be deployed to fit your current and growing needs.

The cyber threat landscape isn’t static, so your SOC shouldn’t be either. Your organization will evolve, and your business processes will change, as will the tools you currently have and plan to deploy in your security stack. To deploy a SOAR platform successfully, it is crucial you choose a solution that is primed to scale with your organization, whether it is on-premises, in the cloud or a combination of both.
1-844-SWIMLANE | swimlane.com