One Article Review

Home - The article:
Source: AlienVault Blog
Identifier: 2088409
Publication date: 2020-12-10 06:01:00 (seen: 2020-12-10 07:05:35)
Title: What is Security Orchestration Automation and Response?
Text: This blog was written by a third party author.

With the face of cyberthreats in a constant state of flux, it is nearly impossible for IT and Security teams to manually secure their countless systems, applications, services, and devices, and also to respond to the potential and active cyberattacks that flourish despite their best efforts. Because of the automated nature and sheer magnitude of today's cyberattacks, organizations need toolsets that accelerate, simplify, and scale security work, strengthening their ability to protect their environment and respond to cyberthreats. One of the most effective ways to do this is SOAR.

What is SOAR?

The term SOAR (Security Orchestration, Automation, and Response) generally refers to three specific software capabilities used in tandem to improve your security posture: threat and vulnerability management, incident response, and security operations automation. The term itself, however, gives a better picture of what a SOAR solution should do for your organization:

Security Orchestration integrates typically disparate security tools and automates the hand-offs between them, reducing complexity and increasing the effectiveness of security operations.
Security Automation reduces human involvement in security tasks by using technology to automatically detect, prioritize, and remediate threats.
Security Response covers the planning, managing, monitoring, and reporting of incident response actions once a threat is detected.

The overarching goal of SOAR is to make security operations far more responsive, decisive, impactful, and cost-effective.

SIEM vs SOAR

To detect threats, SOAR solutions act a bit like a Security Information and Event Management (SIEM) solution, monitoring and gathering data from various systems, platforms, and applications to identify anomalies that may be threatening. But SIEM solutions are generally limited to alerting the Security team that an anomaly exists and do little to rectify the identified problem. SOAR solutions go well beyond SIEM: first, security orchestration proactively helps protect the environment; second, individual security tasks are automated so they can be used in response to detected threats; and finally, those tasks are chained into automated workflows that respond more quickly and accurately than any member of the Security team could manually.

Does this mean you should skip SIEM? Absolutely not. SIEM solutions are designed to connect with just about any security data source, whereas SOAR solutions focus on the O, the A, and the R. Many SOAR solutions integrate with a SIEM as another valuable source of security detail, so the SIEM remains a needed part of your security strategy.

The primary benefits of SOAR

SOAR is more than an opportunity to consolidate solutions and security functions; it is a shift in the way your organization proactively prevents attacks, gains insight into threatening activity, and responds to threats more precisely and quickly when they do occur. Key benefits to your organization include:

Shortened Mean Time To Respond (MTTR): SOC and SecOps teams can respond to cyberthreats more quickly through automated response actions that are performed instantly and automatically. Human handling becomes a delay, especially when the alert is a verified, known threat with a defined set of actions needed to remediate the attack. SOAR reduces the time to respond through the joint work of its functionalities.
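The orchestration-then-automation-then-response chain described above, and the MTTR point that automation should only run unattended for a verified known threat, can be made concrete with a small playbook. The following is an added example written for this page, not code from the AlienVault post or any SOAR product. Everything in it is constructed: the threat-intel list, the SIEM alerts, the confidence threshold of 90, the set of hosts that must never be isolated without a human, and the firewall/EDR/ticketing "tools", which are stubs that only record what they were asked to do.

```python
"""
Minimal SOAR-style response playbook (added example, not AlienVault code).

It wires three stub 'tools' (firewall, EDR, ticketing) behind an orchestrator,
enriches SIEM alerts against a threat-intel list, and then either contains a
verified known threat automatically or escalates it to an analyst. The intel
feed, alerts, threshold and host names are constructed for the example.
"""
from dataclasses import dataclass, field

# Below this confidence a human decides; at or above it the playbook acts alone.
AUTO_CONTAIN_MIN_CONFIDENCE = 90
# Hosts the playbook must never isolate unattended: a wrong call is an outage.
NO_AUTO_ISOLATE = {"srv-db1"}

# Constructed threat-intel feed: indicator -> (threat name, confidence 0-100)
THREAT_INTEL = {
    "198.51.100.23": ("Emotet C2", 95),
    "203.0.113.77": ("Mass scanner (shared hosting)", 40),
}

# Constructed SIEM alerts, shaped like a SIEM-to-SOAR webhook payload
SIEM_ALERTS = [
    {"id": "a1", "host": "ws-017", "src_ip": "198.51.100.23", "rule": "Outbound beaconing"},
    {"id": "a2", "host": "ws-042", "src_ip": "203.0.113.77", "rule": "Inbound port scan"},
    {"id": "a3", "host": "srv-app1", "src_ip": "192.0.2.5", "rule": "Brute-force login"},
    {"id": "a4", "host": "srv-db1", "src_ip": "198.51.100.23", "rule": "Outbound beaconing"},
]


@dataclass
class Orchestrator:
    """Integration layer: every tool call is recorded so a run is auditable.
    A real deployment would call firewall, EDR and ticketing APIs here."""
    audit: list = field(default_factory=list)
    blocked_ips: set = field(default_factory=set)

    def block_ip(self, ip):
        if ip in self.blocked_ips:  # idempotent: re-runs must not double-block
            return
        self.blocked_ips.add(ip)
        self.audit.append(("firewall.block", ip))

    def isolate_host(self, host):
        self.audit.append(("edr.isolate", host))

    def open_ticket(self, alert_id, summary, queue):
        self.audit.append(("ticket.open", alert_id, queue))
        return f"TICKET-{alert_id}"


def enrich(alert):
    """Orchestration step: look the source IP up in threat intel."""
    name, confidence = THREAT_INTEL.get(alert["src_ip"], (None, 0))
    return {**alert, "threat": name, "confidence": confidence}


def run_playbook(alert, orch):
    """Response step: decide, act through the orchestrator, return the outcome."""
    a = enrich(alert)
    actions = []
    if a["confidence"] >= AUTO_CONTAIN_MIN_CONFIDENCE:
        orch.block_ip(a["src_ip"])
        actions.append("block_ip")
        if a["host"] in NO_AUTO_ISOLATE:
            # Known threat, but isolating this host needs a human decision.
            orch.open_ticket(a["id"], f"{a['threat']}: approve isolation of {a['host']}", "tier2")
            actions.append("escalate_isolation")
            disposition = "partially_contained"
        else:
            orch.isolate_host(a["host"])
            actions.append("isolate_host")
            orch.open_ticket(a["id"], f"{a['threat']} auto-contained", "closed-auto")
            disposition = "auto_contained"
    else:
        # Low-confidence or unknown indicator: enrich the ticket, let an analyst decide.
        queue = "tier1" if a["threat"] else "triage"
        orch.open_ticket(a["id"], a["rule"], queue)
        actions.append("open_ticket")
        disposition = "escalated"
    return {"id": a["id"], "threat": a["threat"], "confidence": a["confidence"],
            "disposition": disposition, "actions": actions}


def run_all(alerts=SIEM_ALERTS):
    """Run the playbook over a batch of alerts; returns (results, audit trail)."""
    orch = Orchestrator()
    results = [run_playbook(alert, orch) for alert in alerts]
    return results, orch.audit


if __name__ == "__main__":
    results, audit = run_all()
    for r in results:
        print(r["id"], r["disposition"], r["actions"])
    print("audit trail:", audit)
```

Two details carry the security point. The confidence gate is what lets the playbook shorten MTTR safely: only the high-confidence, known indicator is contained without a person in the loop, and even then the host allowlist keeps a critical server from being isolated by a bad intel match. The orchestrator makes the firewall call idempotent and records every action, so a re-run of the same alert does not produce duplicate changes and the response is reviewable afterwards.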
Sent: Yes
Tags: Vulnerability, Threat


The article does not appear to have been picked up again after its publication.


The article does not appear to be a re-post of an earlier one.