Hello, and welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.
Today we are going to discuss SOAR platforms. We’ll start with what the SOAR acronym stands for, then we’ll dive in a bit further to chat about how a SOAR platform can benefit your organization.
So, what does SOAR stand for? Well first, let’s make sure we have the correct spelling. This is not SOAR akin to an injury, s.o.r.e, but rather SOAR like soaring in the clouds, s.o.a.r. The acronym stands for Security Orchestration, Automation, and Response.
So, as you just heard, a SOAR platform contains multiple tools to achieve a specific goal. A SOAR platform utilizes a collection of toolsets to comb through and gather information related to vulnerability and threat management, incident response, and security automation.
Vulnerability and threat management falls under the security orchestration piece of the SOAR platform, while security systems automation falls under the (wait for it...) automation piece, and finally incident response is the final piece. Like many of our topics, the initial descriptions and definitions can seem rather hard to understand for some, so what benefit does a SOAR platform provide?
Have any of you out there been inundated by the white noise of untuned alerting and monitoring? Cyber warriors that watch the wire have, for sure, and it can be very demanding when trying to filter out the actual noise from the alerts that need attention.
So, is that something that you should spend valuable time on, or would it make more sense to utilize a newer technology to perform that filtration for you, utilizing artificial intelligence and machine learning to continuously and consistently maintain a higher level of awareness of the alerts coming in?
Speaking of monitoring, how are you accomplishing the monitoring of the assets within your organization? Do you have one tool for a specific set of assets (mobile device management, for example), and another for a different type of asset? Wouldn’t it make more sense to centralize the monitoring of all of those assets for a much better focused picture?
Then there is the response aspect of the platform. You have the ability to automate aspects of incident response. These aspects of SOAR platforms show how you can streamline efficiency within your cybersecurity teams.
It may not seem like much to someone that has little knowledge of cybersecurity, but to a cybersecurity professional or cyber warrior on the front lines of the cyber battle these types of technologies can be game-changers.
Now, some out there might be wondering if a SOAR platform replaces a SIEM or perhaps is the same thing. Both are misconceptions, as the SOAR platform works in conjunction with a SIEM solution (which we will address in a future TomCast). Also, SOAR platforms work as force multipliers; they are not security professional or cyber warrior replacements.
A SOAR platform is not going to permit your organization to thin the mix by laying off valuable talent; the security professionals and cyber warriors become more efficient over time as a result of SOAR platform implementation. But don’t kid yourselves out there: implementing a SOAR solution takes a considerable amount of time and effort up front to gain those long-term benefits. These are not plug-and-play, set-it-and-forget-it solutions. With the ever-changing landscape that is cybersecurity, this is one of those solutions that will require hands-on work to ensure the maximum benefits are realized.
There are many different SOAR platforms out there, so do your due diligence if this seems like something of interest to you. The cybersecurity incident response and threat detection teams within your organization will be very interested in that research. Reach out to your Managed Security Service Provider (MSSP) and see what they can do for you. MSSPs typically have experience helping customers determine the best SOAR solution for their environment, and can help set it up and tune it to be more effective. As a tactical cybersecurity incident response organization, GuardSight professionals have experience in different SOAR solutions and could be valuable resources for you.
We here at GuardSight thank you for taking the time to listen to this TomCast. For more information on various cybersecurity tips head on over to our website and check out more TomCasts. Those are located over on www.guardsight.com/tomcast. Or, if you would like more information on what GuardSight can do for you, head on over to www.guardsight.com and contact us. There are several free cybersecurity tools out there that can help you improve your overall security posture. We’d love to hear from you! Thanks!