One Article Review

Source AlienVault Blog
Identifier 1162182
Publication date 2019-06-18 13:00:00 (seen: 2019-06-18 16:01:00)
Title SOAR with AT&T Cybersecurity and Dark Reading
Text SOAR - security orchestration automation

Watch the full video on our site. If you prefer reading, here’s the full transcript 😊

Terry Sweeney - Contributing Editor, Dark Reading
Sanjay Ramnath - Associate Vice President, Product Marketing, AT&T Cybersecurity

Terry Sweeney: Welcome back to the Dark Reading News Desk. We’re here at the RSA Conference in San Francisco. I’m Terry Sweeney, contributing editor at Dark Reading and I’m delighted today to be joined by Sanjay Ramnath, vice president of product marketing at AT&T Cybersecurity. Sanjay, thanks so much for joining us today.

Sanjay Ramnath: Thanks so much for having me.

Terry Sweeney: This trend of SOAR, security orchestration automation and response, is generating lots of buzz both here at RSA and among InfoSec professionals as well. Kick us off by explaining what SOAR is and how the companies that use it benefit from it.

Sanjay Ramnath: SOAR is a term that was coined by Gartner. SOAR is really a collection of technologies and processes that aim to solve three problems. I think the first problem that the SOAR framework aims to solve is: How do you stay ahead of this constantly evolving threat landscape? How do you stay ahead of a rapidly changing network while the modern attack surface continues to expand and network parameters vanish? You have hybrid environments with on-premises and cloud assets. So one of the core tenets of SOAR is aggregating data, aggregating both threat data and intelligence and network visibility on a single platform so all the downstream operational decisions around security can be fed with this stream of intelligence and data.

The second problem that SOAR addresses is complexity in the security ecosystem and infrastructure itself. When you have a really large number of point solutions and products that protect specific threat vectors you have two issues. One is you have a management problem: how do you constantly switch contexts across these different solutions? You also have a problem of too much data and what is called alert fatigue. The SOAR approach attempts to solve this by automating some of the more mundane, resource-intensive, human-intensive tasks like data analysis and correlation so the security operations teams can be a lot more effective and they don’t get distracted by the noise. They actually focus on what’s important.

The third thing that SOAR addresses is incident response. What do you do when an incident happens? What do you do when your network is intruded upon? Do you have the right processes? Do you have the right workflows in place? Do you have the right data for investigations? SOAR brings all of these together. So SOAR is not a single technology or a single product, it’s really a concept or a framework that brings detection, automation, response, orchestration, intelligence and all of that all together under a common set of terminologies.

Terry Sweeney: That’s really helpful and I’m glad you mention automation. It seems like given the volumes of information that have to be analyzed; this is an essential piece of SOAR. Talk a bit more about why it’s critical to have in combating today’s security issues.

Sanjay Ramnath: You’re never going to have enough resources, bandwidth, and skills in security to stay ahead of the cyber criminals and threat landscape. So I think applying automation where it makes sense really helps streamline security operation. As I mentioned earlier, applying automation in terms of taking this really vast amount of data, threat data and converting that into actionable, tactical threat intell
Sent Yes
Tags Malware Threat


The article does not appear to have been picked up after its publication.


The article does not appear to be a repeat of an earlier one.