Over the past 5 to 10 years, the use of acronyms in the cybersecurity industry has taken on a life of its own.
One of the coolest kids on the block these days, the one everyone is claiming has an 80ft swimming pool with actual rope swing, is SOAR. Security Orchestration, Automation and Response. On the scene properly in only the past couple of years, SOAR is taking the security world by storm with its message of simplifying security operations through automation.
But what does it mean?
Coined by the analysts at Gartner, SOAR describes the inevitable integration of four different toolsets: Security Orchestration, Security Automation, Incident Response and Threat Intelligence platforms. The integration of these distinct platforms into a single harmonious toolset aims to allow organisations to respond automatically to security incidents, with little need for human intervention.
By standardizing the way that our network interacts and “repairs” itself, we limit costly errors and inconsistencies that are the hallmark of the human condition.
Now that you know the concept, what are the key benefits of this technology group?
- Reducing Mean Time to Response – It is undoubtedly true that no matter how good your SOC team are, they cannot respond to a point-in-time incident faster than a computer can. This inherent speed advantage means that a lower MTTR is an obvious by-product of using a SOAR platform.
- Lower Total Cost of Operations – By reducing the need for manual processes and simplifying the investigations your analysts need to undertake, you can improve analyst efficiency and thus limit the pressure to keep increasing headcount. This is of note in a world where security resources are becoming scarcer by the hour.
- Minimised Business Impact – By speeding up response, and improving the efficacy/consistency of that response, enterprises hope to mitigate potentially harmful actions sooner and thereby limit the exposure to damage, reputational or otherwise.
At LogPoint, we have chosen to integrate our SIEM solution with a number of market-leading SOAR platforms, including DFLabs IncMan and Swimlane. The SIEM takes advantage of its ability to ingest large volumes of data, provides real-time cybersecurity analytics and generates alerts; the SOAR platforms then manage the incident response process for each SIEM alert.
The combination of our Modern SIEM with SOAR enables organizations to automate most of the work performed by security analysts and to accelerate incident detection and response actions from hours to seconds. It automates and orchestrates the manual and repetitive tasks that would take analysts hours to complete, and ensures that all alerts are assessed and flagged for further investigation where necessary.