Learn How To Streamline Security With Security Orchestration, Automation, and Response (SOAR)
Key Topics
1 What SOAR Is (and Isn’t)
2 SOAR Challenges and Opportunities
3 Integrating SOAR with AWS
4 See it in Action
5 Next Steps
#1 What SOAR Is (and Isn’t)
Security orchestration, automation, and response (SOAR) is a new way of
approaching security that coordinates, automates, and completes tasks on a
unified platform. SOAR streamlines security, freeing organizations to refocus on
core capabilities.
SOAR is a mindset, not necessarily a tool. Taking a SOAR approach doesn’t change
the prevailing cyber concept of operations, but it might change how you work.
S O A R
Security: Restriction of a system to its intended use and the protection of confidentiality, integrity, and availability of that system
Orchestration: Coordination between many different systems
Automation: Performance of a task with minimal human interaction
Response: Reaction to problems in our information systems
#2 SOAR Challenges and Opportunities
Challenge
Resolution: When you buy a SOAR tool, you should also budget time to absorb and implement the SOAR tool.
Opportunities
—Christopher Crowley, Senior instructor, SANS
#3 Integrating SOAR with AWS
One of the advantages of using SOAR is that you can use external tools such as a
SIEM or other enterprise tools to gather more contextual data on the alerts
coming out of AWS. Here are tools you can find in AWS to help you get the most
out of the SOAR platform:
Amazon GuardDuty is a threat detection service that continuously
monitors for malicious activity and unauthorized behavior to protect
your AWS accounts, workloads, and data stored in Amazon S3.
When responding to incidents in AWS, you can use the SOAR platform to execute a
playbook: an ordered series of response actions, each of which calls a different
AWS service.
You have options beyond AWS as well. The platform can integrate with potentially
hundreds of other tools, such as JIRA to create a ticket for the resource owner or
the security team, and a messaging tool like Slack to start a chat group with the
security team and the resource owner.
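The following is an added example of such a playbook, not code from this page, from AWS, or from any SOAR vendor. It takes a GuardDuty finding in the shape GuardDuty publishes to Amazon EventBridge, chooses response actions by GuardDuty's documented severity bands (Low 1-3.9, Medium 4-6.9, High 7-8.9), runs containment before notification, and then opens a ticket and posts to chat. The quarantine security group ID, the Jira project key, the Slack channel and the sample finding are all constructed placeholders. A dry-run executor records the calls so the playbook can be exercised offline; the boto3 executor shows the real AWS calls (create_tags, modify_instance_attribute, update_access_key) and hands the ticket and chat actions to whatever connector the caller supplies.

```python
"""Severity-driven SOAR playbook for Amazon GuardDuty findings (added example).

Event shape follows what GuardDuty publishes to EventBridge: "detail-type" is
"GuardDuty Finding" and "detail" carries "id", "severity", "type", "resource".
QUARANTINE_SG, JIRA_PROJECT, SLACK_CHANNEL and SAMPLE_FINDING are assumptions.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

QUARANTINE_SG = "sg-0123456789abcdef0"   # assumption: security group with no rules
JIRA_PROJECT = "SEC"                     # assumption
SLACK_CHANNEL = "#incident-response"     # assumption


@dataclass
class Action:
    kind: str                              # e.g. "ec2.quarantine", "jira.create_issue"
    params: Dict[str, Any] = field(default_factory=dict)


def severity_band(severity: float) -> str:
    """Map GuardDuty's numeric severity onto its documented Low/Medium/High bands."""
    if severity >= 7.0:
        return "high"
    if severity >= 4.0:
        return "medium"
    return "low"


def plan_response(event: Dict[str, Any]) -> List[Action]:
    """Turn one finding into an ordered list of actions: contain, then record, then notify."""
    if event.get("detail-type") != "GuardDuty Finding":
        raise ValueError("not a GuardDuty finding event")
    finding = event["detail"]
    band = severity_band(float(finding["severity"]))
    resource = finding.get("resource", {})
    rtype = resource.get("resourceType")
    summary = (f"[GuardDuty {band.upper()}] {finding['type']} "
               f"in {finding.get('accountId')}/{finding.get('region')}")
    actions: List[Action] = []

    # Containment first, and only for high-severity findings on a concrete resource.
    if band == "high" and rtype == "Instance":
        iid = resource["instanceDetails"]["instanceId"]
        actions.append(Action("ec2.tag", {"InstanceId": iid, "Tags": {
            "security:status": "quarantined", "guardduty:finding": finding["id"]}}))
        actions.append(Action("ec2.quarantine", {"InstanceId": iid,
                                                 "SecurityGroupIds": [QUARANTINE_SG]}))
    elif band == "high" and rtype == "AccessKey":
        ak = resource["accessKeyDetails"]
        actions.append(Action("iam.deactivate_access_key", {
            "UserName": ak["userName"], "AccessKeyId": ak["accessKeyId"]}))

    # Every finding gets a ticket so the resource owner has a record to act on.
    actions.append(Action("jira.create_issue", {"project": JIRA_PROJECT,
                                                "summary": summary,
                                                "finding_id": finding["id"]}))
    # Medium and high findings also page the security team in chat.
    if band != "low":
        actions.append(Action("slack.post", {"channel": SLACK_CHANNEL, "text": summary}))
    return actions


class DryRunExecutor:
    """Records the actions instead of performing them; used for offline testing."""
    def __init__(self) -> None:
        self.calls: List[Action] = []

    def __call__(self, action: Action) -> None:
        self.calls.append(action)


class Boto3Executor:
    """Performs the AWS actions with boto3; ticket/chat actions go to `notify`,
    which stands in for the SOAR platform's Jira and Slack connectors."""
    def __init__(self, notify: Callable[[Action], None]) -> None:
        import boto3  # deferred so the module loads without boto3 installed
        self.ec2 = boto3.client("ec2")   # assumption: credentials from the execution role
        self.iam = boto3.client("iam")
        self.notify = notify

    def __call__(self, action: Action) -> None:
        p = action.params
        if action.kind == "ec2.tag":
            self.ec2.create_tags(Resources=[p["InstanceId"]],
                                 Tags=[{"Key": k, "Value": v} for k, v in p["Tags"].items()])
        elif action.kind == "ec2.quarantine":
            # Replacing the instance's security groups cuts it off from the network.
            self.ec2.modify_instance_attribute(InstanceId=p["InstanceId"],
                                               Groups=p["SecurityGroupIds"])
        elif action.kind == "iam.deactivate_access_key":
            self.iam.update_access_key(UserName=p["UserName"],
                                       AccessKeyId=p["AccessKeyId"], Status="Inactive")
        else:
            self.notify(action)


def run_playbook(event: Dict[str, Any], executor: Callable[[Action], None]) -> List[str]:
    """Execute the plan in order. An exception from any action aborts the rest,
    so a notification is never sent claiming containment that did not happen."""
    done: List[str] = []
    for action in plan_response(event):
        executor(action)
        done.append(action.kind)
    return done


# Constructed sample event, modeled on the GuardDuty EventBridge shape (not real data).
SAMPLE_FINDING: Dict[str, Any] = {
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "a1b2c3d4e5f6a7b8c9d0",
        "accountId": "123456789012",
        "region": "us-east-1",
        "severity": 8,
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0abc1234def567890"}},
    },
}

if __name__ == "__main__":
    recorder = DryRunExecutor()
    for kind in run_playbook(SAMPLE_FINDING, recorder):
        print(kind)
```

The ordering matters: tagging and quarantining happen before the ticket and chat message so that, if containment fails and raises, the security team is not told the instance is isolated when it is not. Wire this into a Lambda function subscribed to GuardDuty findings via EventBridge, or run it as a playbook step inside the SOAR platform.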
#4 See it in Action
Challenge
Offer open access policies that support research across departments and users, but
lock down security policies and procedures to protect from potential attacks.
Solution
Sumo Logic Cloud SOAR now acts as the main control plane for UC Davis SOC
workflows.
Result
• Seamless orchestration of disparate technology and tools for better SOC workflows
• Reduction of response times to cybersecurity threats
• Minimization of time spent triaging thousands of hourly alerts, reducing alert fatigue
• Automation to help the UC Davis SOC cope with the large, 12,000+ investigation workload
• UC Davis transition to SOAR for all standard SOC workflows
#5 Next Steps
Deploy seamless storage solutions across your cloud and on-premises environments.
View On-Demand
Talk to an Expert: Get connected with a solution architect that can share best practices and help solve your business challenges.
Get Connected
Discover Solutions: AWS capabilities to support end-to-end requirements.
Visit AWS Marketplace