In recent posts we’ve looked at three of the most important topics for modern security teams:
In this post we’re going a stage further, and talking about how security teams can bring these essential functions together using a new technology: SOAR platforms.
SOAR — which stands for Security Orchestration, Automation, and Response — is a term first coined by Gartner to describe the intersection of three technology fields:
SOAR platforms are designed to help security teams respond to security incidents and alerts faster and more consistently. To do this, they combine a variety of functions, including:
Simply put, SOAR platforms are a single, centralized location for security teams to manage incidents and alerts. Crucially, SOAR platforms enable analysts to harness the functionality of all relevant security technologies without needing to switch back-and-forth between systems.
Remember: Security teams often use technologies from dozens of different providers, so this functionality alone can save thousands of hours during the course of a year.
One of the most important functions of SOAR platforms is to guide security teams through the process of orchestrating and automating IR and SOC functions. As we explained in a previous post, approaching these functions (particularly automation) in a haphazard way can easily lead to disaster.
As with all IT functions, the order of priority is always:
People → Process → Technology
In the context of incident response and security operations, that means:
Step 1: Distill the practices of your top performers into solid, repeatable process playbooks.
Step 2: Ensure all security technologies are integrated via a single, centralized solution.
Step 3: Use automation to reduce the burden of repetitive, manual processes.
Gartner has described the need for this approach in its “two doors to SOAR” model: one door (the People → Process → Technology order above) lays the foundation for success, while the other (automation first) leads to ruin.
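The three steps above map naturally onto code. The following is an added example, not SIRP's code or any Gartner material: a minimal playbook runner in which the playbook is an ordered list of named steps (Step 1), every tool is reached through one integration layer (Step 2), and the repetitive containment action is automated only when the playbook has explicitly enabled it, falling back to an analyst-approval queue otherwise (Step 3). The threat-intelligence entries, EDR host table, hashes and hostnames are all constructed stand-ins; a real deployment would call vendor APIs behind the same interface.

```python
"""Minimal SOAR-style playbook runner (constructed example)."""
from dataclasses import dataclass, field

# --- Step 2: one integration layer in front of several tools --------------
# Constructed, in-memory stand-ins for a threat-intel feed and an EDR.
THREAT_INTEL = {
    "deadbeef" * 4: "malicious",   # constructed hash
    "c0ffee00" * 4: "benign",      # constructed hash
}
EDR_HOSTS = {
    "ws-0412": {"isolated": False},  # constructed hostnames
    "ws-0413": {"isolated": False},
}


class Integrations:
    """Single place the playbook talks to; swap the bodies for real API calls."""

    def hash_reputation(self, file_hash: str) -> str:
        return THREAT_INTEL.get(file_hash, "unknown")

    def isolate_host(self, host: str) -> bool:
        EDR_HOSTS.setdefault(host, {"isolated": False})["isolated"] = True
        return True


@dataclass
class Alert:
    alert_id: str
    host: str
    file_hash: str
    kind: str


@dataclass
class Case:
    alert: Alert
    verdict: str = "unknown"
    actions: list = field(default_factory=list)
    timeline: list = field(default_factory=list)
    status: str = "open"


# --- Step 1: the playbook is an ordered list of repeatable steps -----------
def enrich(case: Case, tools: Integrations, auto_contain: bool) -> None:
    """Look up the file hash through the integration layer."""
    case.verdict = tools.hash_reputation(case.alert.file_hash)
    case.timeline.append(f"enrich: hash reputation={case.verdict}")


def decide(case: Case, tools: Integrations, auto_contain: bool) -> None:
    """Translate the verdict into the actions the playbook prescribes."""
    if case.verdict == "malicious":
        case.actions.append("isolate_host")
    case.timeline.append(f"decide: actions={case.actions}")


def contain(case: Case, tools: Integrations, auto_contain: bool) -> None:
    """Step 3: automate the repetitive action only when the playbook allows it."""
    if not case.actions:
        # Nothing to do: close benign cases, send unknowns to a human.
        case.status = "closed" if case.verdict == "benign" else "needs_triage"
        return
    if not auto_contain:
        # Process exists but automation is not yet trusted: queue for approval.
        case.status = "pending_approval"
        case.timeline.append("contain: isolate_host queued for analyst approval")
        return
    for action in case.actions:
        if action == "isolate_host":
            tools.isolate_host(case.alert.host)
            case.timeline.append(f"contain: isolated {case.alert.host}")
    case.status = "contained"


PLAYBOOK = [enrich, decide, contain]


def run_playbook(alert: Alert, tools: Integrations, auto_contain: bool = False) -> Case:
    """Run every step in order and return the resulting case record."""
    case = Case(alert=alert)
    for step in PLAYBOOK:
        step(case, tools, auto_contain)
    return case


if __name__ == "__main__":
    demo = run_playbook(Alert("A-1", "ws-0412", "deadbeef" * 4, "edr_detection"),
                        Integrations(), auto_contain=False)
    print(demo.status, demo.timeline)
```

The `auto_contain` flag is the point of the example: the same playbook runs whether or not containment is automated, so a team can codify and exercise the process first (every run leaves a timeline) and switch the flag on only once the steps have proved reliable.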
At this point it should be clear that SOAR has a lot to offer security teams. While there are dozens of potential benefits, in our experience these five have the most significant impact for SOC and IR functions:
As security leaders become wise to the benefits offered by SOAR platforms, uptake is rising dramatically. While just 1% of security teams were using SOAR platforms in 2018, Gartner predict that figure will rise to 15% by the end of 2020.
SIRP is a SOAR platform that helps security teams work smarter, faster, and more consistently. It combines all of the key components of SOAR that security teams need to maximize the efficiency of their operations:
Taking things a stage further, SIRP is also the only SOAR platform with in-built risk management — a fully customizable module that helps security teams map risks to individual assets (using any risk framework) and prioritize them across the organization.
Finally, SIRP supports integration with more than 100 security technologies, including the world’s leading firewall, EDR, vulnerability scanning, antivirus, SIEM, and threat intelligence technologies.
To find out more about how SIRP can empower your security function, book a FREE demo today.