
ne-minute WEBINAR

Learn How SOAR Helps You Streamline Security
While Improving Your Defenses Against Cyber Attacks

Key Topics
1 What SOAR Is (and Isn’t)
2 SOAR Challenges and Opportunities
3 Integrating SOAR with AWS
4 See it in Action: UC Davis Uses Sumo Logic SOAR to Accelerate Threat Response and Improve SOC Efficiency
5 Next Steps

#1
What SOAR Is (and Isn’t)
Security orchestration, automation, and response (SOAR) is an approach to security
operations that coordinates, automates, and completes tasks on a unified platform.
SOAR streamlines security work, freeing organizations to refocus on their core
capabilities.

SOAR is a mindset, not necessarily a tool. Taking a SOAR approach doesn’t change
the prevailing cyber concept of operations, but it might change how you work.

S O A R

Security: Restriction of a system to its intended use and the protection of
confidentiality, integrity, and availability of that system

Orchestration: Coordination between many different systems

Automation: Performance of a task with minimal human interaction

Response: Reaction to problems in our information systems

#2
SOAR Challenges and Opportunities

Challenge

It’s difficult to break cybersecurity analysts out of the entrenched mindset of
working in a queue of tickets, so they don’t take the opportunity to deploy
enhancements.

Resolution

Help analysts move out of a queue mentality and into focusing on the
improvements SOAR offers.

Challenge

Due to heavy workloads, poor planning, and ineffective team sharing of efforts,
analysts have no time, budget, or resources to update SOAR implementations.

Resolution

When you buy a SOAR tool, you should also budget time to absorb and implement
the SOAR tool.

Challenge

The newness of SOAR technology prevents analysts from effectively leveraging
the tool, which defers the realization of its benefits.

Resolution

Allow analysts the growth that’s necessary to implement the SOAR tool native to
the SOAR approach and achieve improvement.

Opportunities

Resolving these challenges presents the opportunity to expand your visibility,
detection, and response capability through the relentless pursuit of efficiency
and improvement. To start, allocate (at least) two cybersecurity team members
with the sole responsibility of SOAR operational improvement.

• Empower this team to diagram and discuss how the organization’s security is
working by providing them with workflow development, diagraming, and modeling
software.

• Ensure they have deep understanding of IT and cybersecurity practices, attack
techniques, response practices, and how to gain optimal visibility into
information systems that are in AWS and on-premises.

• Reinforce their objective of resolving and improving implementations that may
have been a long time coming and considered “good enough” at the time.

“If you’re truly embracing the power of SOAR, you’re thinking about no longer
what’s good enough, but now that a lot of things are available to us, what can
we do?”
—Christopher Crowley, Senior Instructor, SANS

#3
Integrating SOAR with AWS
One of the advantages of using SOAR is that you can use external tools such as a
SIEM or other enterprise tools to gather more contextual data on the alerts
coming out of AWS. Here are tools you can find in AWS to help you get the most
out of the SOAR platform:
Amazon GuardDuty is a threat detection service that continuously monitors for
malicious activity and unauthorized behavior to protect your AWS accounts,
workloads, and data stored in Amazon S3.

Amazon Macie is a fully managed data security and data privacy service that
uses machine learning and pattern matching to discover and protect your
sensitive data in AWS.

Amazon Inspector is an automated vulnerability management service that
continually scans AWS workloads for software vulnerabilities and unintended
network exposure.

AWS Firewall Manager is a security management service that allows you to
centrally configure and manage AWS WAF, AWS Shield Advanced, and Amazon VPC
Security Group rules across your organization.

AWS Config allows you to assess and evaluate the configurations of AWS
resources via Config rules, which evaluate the compliance of AWS resources
against specified policies.

AWS Security Hub is a cloud security posture management service that
aggregates alerts, performs security best practice checks, and enables
automated remediation.

When responding to incidents in AWS, you can use the SOAR platform to execute a
series of response steps, each of which triggers a different AWS service.

You have options. Integrate with potentially hundreds of other tools outside of
AWS such as JIRA to create a ticket for the resource owner or the security team, as
well as engage a messaging tool like Slack to start a chat group with the security
team and the resource owner.
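As an added illustration of the orchestration described above (not code from the AWS one-pager or from any SOAR vendor), the following playbook router turns one Security Hub finding into an ordered action plan: a ticket for every finding, a chat channel for HIGH and above, and an instance-isolation step that is held for analyst approval. The finding is a constructed sample in ASFF shape with placeholder account, detector and instance ids, and the connector names "jira", "slack" and "aws" are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed sample finding in AWS Security Finding Format (ASFF) shape.
# Account id, detector id and instance id are placeholders, not real resources.
SAMPLE_FINDING = {
    "Id": "arn:aws:guardduty:us-east-1:111122223333:detector/EXAMPLE/finding/F1",
    "ProductName": "GuardDuty",
    "Types": ["TTPs/Command and Control/Backdoor:EC2-C&CActivity.B"],
    "Severity": {"Label": "HIGH"},
    "Resources": [{"Type": "AwsEc2Instance",
                   "Id": "arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE"}],
    "Workflow": {"Status": "NEW"},
}

SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass
class Action:
    connector: str          # hypothetical connector name: "jira", "slack" or "aws"
    operation: str
    params: dict = field(default_factory=dict)
    needs_approval: bool = False  # disruptive steps wait for an analyst to approve


def plan_response(finding: dict, seen_ids: set) -> list:
    """Return the ordered actions the playbook would run for one finding."""
    fid = finding["Id"]
    # De-duplicate by Id so a re-delivered or already resolved finding
    # does not open a second ticket or chat channel.
    if fid in seen_ids or finding.get("Workflow", {}).get("Status") == "RESOLVED":
        return []
    seen_ids.add(fid)
    label = finding.get("Severity", {}).get("Label", "LOW")
    sev = SEVERITY_RANK.get(label, 1)
    resource = finding["Resources"][0]
    # Every finding gets a ticket for the resource owner and the security team.
    actions = [Action("jira", "create_issue",
                      {"summary": finding["Types"][0], "severity": label,
                       "resource": resource["Id"]})]
    if sev >= SEVERITY_RANK["HIGH"]:
        # HIGH and above: open a chat channel with the security team and owner.
        actions.append(Action("slack", "open_channel", {"finding_id": fid}))
        if resource["Type"] == "AwsEc2Instance":
            # Isolating an instance is disruptive, so it is queued for approval
            # rather than executed with no human in the loop.
            actions.append(Action("aws", "isolate_instance",
                                  {"instance_arn": resource["Id"]},
                                  needs_approval=True))
    return actions
```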

#4
See it in Action:
UC Davis Uses Sumo Logic SOAR to Accelerate Threat Response and Improve SOC Efficiency

Challenge

Offer open access policies that support research across departments and users, but
lock down security policies and procedures to protect from potential attacks.

Solution

Sumo Logic Cloud SOAR now acts as the main control plane for UC Davis SOC
workflows.

Results
• Seamless orchestration of disparate technology and tools for better SOC
workflows
• Reduction of response times to cybersecurity threats
• Minimization of time spent triaging thousands of hourly alerts, reducing alert
fatigue
• Automation to help the UC Davis SOC cope with the large, 12,000+
investigation workload
• UC Davis transition to SOAR for all standard SOC workflows

“We were able to take our operations to the next level by going down the SOAR
route. Sumo Logic Cloud SOAR was really instrumental—it fits the university
perfectly.”
—Jeff Rowe, Security Architect, The University of California, Davis

Explore the role of SOAR with these AWS partners.
Find security orchestration, automation, and response (SOAR) with
AWS Data and Analytics Competency Partners

Next Steps
Deploy seamless storage solutions across your cloud and on-premises environments.

Watch the Webinar
Learn how SOAR helps you streamline security while improving your defenses
against cyber attacks.
View On-Demand

Discover Solutions
AWS capabilities to support end-to-end requirements.
Visit AWS Marketplace

Talk to an Expert
Get connected with a solution architect that can share best practices and help
solve your business challenges.
Get Connected

© 2022 AWS Marketplace
