SOAR-ing into the security space

by Deidre Smith

15 April 2021


Over the last few years, there has been a significant shift from solutions such as SIEM (security information and event management) to SOAR (security orchestration, automation and response). What does this mean for organizations, and how will it assist and enhance security management overall?

How does SOAR improve security performance?

The SIEM’s primary function is to gather data from logs, hosts, infrastructure, tools and malware detection and prevention systems, and to alert the organization that a cyber-attack may be under way. These security systems typically feature dashboards, analytics automation, device management, and Security Operations Center-as-a-Service solutions. There is room for SIEM and SOAR to co-exist, but with security orchestration, automation and response, organizations get single alerts and one aggregated view, providing simpler functionality, enhanced response and improved outcomes.

A SOAR stack is designed to integrate seamlessly into the wider network and give one consolidated view of the security landscape within any organization. Adaptable tools can help reduce the time from discovering a breach to the point of response and resolution. Its benefit is that it gathers data from numerous different sources and combines it with case management, standardization, workflow and analytics, creating an efficient all-in-one toolbox. This allows security teams to take all of this data and respond quickly, without necessarily requiring any human intervention. Teams can now manage, respond to, act on and resolve an endless number of alerts without spending hours of manpower to do so, resulting in increased productivity.


The Human vs. Automation debate

In the world of automation, there is always the fear that moving to this model will eventually remove the need for human intervention in a task. Despite this, there is an ever-increasing demand for affordable and more complex actionable intelligence solutions.

Automation allows us to work smarter, not harder. SOAR is part of an automated solution that lets security teams move their focus away from the repetitive tasks of their job and towards growing their expertise by “up-skilling” or “cross-training.” Companies can then put people and resources behind more powerful threat-detection analytics where they are needed most. Using playbooks to analyze, respond to and navigate through incidents and threats, SOAR can automatically and accurately triage potential risks with little human interaction required.
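To make the playbook idea concrete, here is an added example (not code from NTT or any SOAR vendor) of what such a playbook does: alerts from several tools are aggregated into one case per host, duplicates are dropped, and a triage rule decides between automatic containment, automatic closure and escalation to an analyst. The alert format, source names, thresholds and action names are assumptions made for this illustration.

```python
"""Minimal SOAR-style playbook: aggregate alerts from several sources into
one case per host, then triage each case and escalate only when needed.
Illustrative code; alert schema, thresholds and action names are assumed."""
from collections import defaultdict

# Constructed sample alerts, as a SIEM, an EDR and a mail gateway might emit them.
ALERTS = [
    {"source": "siem", "host": "ws-17", "type": "brute_force", "severity": 4},
    {"source": "edr", "host": "ws-17", "type": "credential_dump", "severity": 8},
    {"source": "siem", "host": "ws-17", "type": "brute_force", "severity": 4},  # duplicate
    {"source": "mailgw", "host": "ws-42", "type": "phishing_link", "severity": 3},
]


def aggregate(alerts):
    """Group alerts by host into one case each, dropping exact duplicates.
    The case score is the highest severity seen for that host."""
    cases = defaultdict(lambda: {"alerts": [], "score": 0})
    seen = set()
    for a in alerts:
        key = (a["source"], a["host"], a["type"])
        if key in seen:
            continue
        seen.add(key)
        case = cases[a["host"]]
        case["alerts"].append(a)
        case["score"] = max(case["score"], a["severity"])
    return dict(cases)


def triage(case, auto_threshold=7, close_threshold=3):
    """Decide the playbook action. Corroboration from two or more independent
    sources raises confidence: high-severity, corroborated cases get an
    automatic containment action, low-severity single-source cases are closed,
    and everything else goes to an analyst."""
    confidence = len({a["source"] for a in case["alerts"]})
    if case["score"] >= auto_threshold and confidence >= 2:
        return "contain_host"  # e.g. trigger EDR network isolation, no human needed
    if case["score"] <= close_threshold and confidence == 1:
        return "auto_close"
    return "escalate_to_analyst"


def run_playbook(alerts):
    """One aggregated view: host -> chosen action."""
    return {host: triage(case) for host, case in aggregate(alerts).items()}


if __name__ == "__main__":
    for host, action in run_playbook(ALERTS).items():
        print(host, "->", action)
```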

What should we expect in the future?

We know that AI is being used heavily on both the attacker and the defender side, to advance threats and to detect them. As we learn more about automation from its early adopters, the knowledge gained will become the blueprint for combating future cyber-security challenges.

We also know that automation will continue to be crucial for properly identifying incidents, triggering alerts, setting up proper engines to detect violations, and bringing defensive actions to new levels in security management.

As attackers become more advanced and sophisticated, so will the applications and organizations guarding their data and systems. Security protection is a key piece of this puzzle. A security orchestration, automation and response integration can solve a large part of it, but it will be interesting to see where the technology goes next.


Deidre Smith

Vice President Client Services Delivery, NTT Ltd.