
Security Automation & Orchestration (SOAR)

What is SOAR?

SOAR (Security Orchestration, Automation, and Response) is a set of software solutions and tools that let organizations collect security data and alerts from different sources and automate security operations in three major areas: threat and vulnerability management, security incident response, and security operations automation.

Put another way, security automation is the machine execution of security-operations tasks, such as scanning for vulnerabilities or searching logs, without a human in the loop. Security orchestration is the connective layer that links security tools and combines diverse security systems so that those automated tasks can run across all of them; together they streamline security activities.

Why is SOAR important?

Your security staff is most likely drowning in a sea of alerts, many of which are false positives or repeats of earlier alarms. Each week, the average security team receives upwards of 175,000 alerts. Genuine threats are hidden among all that noise, and many go unnoticed when analysts have to handle each alert manually.

That is where SOAR comes in: by automating many of the repetitive, monotonous tasks, it frees your security team to focus on higher-value work.

SOAR enables you to:

  • Make security, IT operations, and threat intelligence tools work together. You can integrate all of your different security solutions, even ones from different vendors, to reach a more thorough degree of data collection and analysis, so security teams no longer have to juggle many consoles and tools.
  • See everything in one place. Your security team works from a single console that holds all of the data it needs to investigate and resolve incidents.
  • Respond to incidents quickly. SOAR platforms reduce mean time to detect (MTTD) and mean time to respond (MTTR). Because many actions are automated, a substantial share of events can be handled immediately without waiting for an analyst.
  • Eliminate time-consuming activities. SOAR saves analysts time by reducing false positives, repetitive jobs, and manual processes.
  • Gain access to more context. SOAR solutions combine and evaluate data from threat intelligence platforms, firewalls, intrusion detection systems, SIEMs, and other technologies, giving your security team additional insight and context. This makes resolving issues and improving processes much easier, and when problems develop, analysts can conduct deeper and broader investigations.
  • Improve communication and reporting. Because all security-operations activity is pooled in one place and displayed in intuitive dashboards, stakeholders get the information they need, including clear analytics that help them find ways to improve workflows and reduce response times.
  • Improve decision-making. SOAR platforms aim to be usable even by less experienced analysts, with features such as pre-built playbooks, drag-and-drop playbook builders, and automated alert prioritization. A SOAR tool can also collect data and surface insights that make it easier for analysts to review issues and perform the appropriate remediation.

What are some examples of SOAR applications?

Before you start talking to vendors about SOAR platforms, consider how your company will use the solution. Use cases should highlight your biggest problems and show how the technology can help you solve them; the typical use cases vary by industry. Here are some ideas to get you thinking about how you could implement SOAR in your own company.

  1. Automated incident response to cyberattacks: SOAR platforms can automatically detect and investigate the source of an attack. They may, for example, detect and evaluate a suspected phishing email, search for copies elsewhere in the environment, quarantine or delete them, and block the associated IP addresses and URLs so the same messages cannot reach other people’s inboxes.
  2. Threat hunting: Security teams typically spend hours each day responding to a flood of alerts, leaving little time for threat hunting, investigation, and long-term planning. Automation handles many known threats immediately, giving analysts more time for work that improves overall network security.
  3. Improving overall vulnerability management: A SOAR solution can help your security team prioritize and manage the risk posed by newly found vulnerabilities in your environment. Analysts can then be proactive, gathering more information on weak points and researching them properly, while putting measures in place to prevent breaches or other threats.
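The phishing playbook in use case 1, written out as an added example in plain Python (this is illustrative code, not any SOAR vendor's product). The alert, the mailbox store that is searched for copies, and the threat-intel indicators are all constructed inline; in a real platform the three lookups would be API calls to a mail gateway, a threat-intel platform and a firewall or proxy. It also shows the repeat-alert suppression mentioned above: copies of one campaign collapse to a single fingerprint, so the second alert for the same campaign is logged as a duplicate instead of re-running the actions.

```python
"""Minimal SOAR-style phishing playbook (added illustration, not vendor code)."""
import hashlib
import re
from dataclasses import dataclass, field

URL_RE = re.compile(r"https?://[\w.\-]+(?:/[\w./\-?=&%]*)?", re.I)

# Constructed threat intel (hypothetical indicators, documentation ranges).
THREAT_INTEL = {
    "domains": {"login-secure-update.example"},
    "ips": {"203.0.113.7"},
}


@dataclass
class Alert:
    alert_id: str
    sender: str
    subject: str
    source_ip: str   # connecting MTA from the last untrusted Received: hop
    body: str


@dataclass
class PlaybookResult:
    alert_id: str
    verdict: str                      # malicious | suspicious | duplicate
    iocs: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)


def extract_iocs(alert):
    """Pull URLs, their hostnames and the sending IP out of the alert."""
    urls = sorted(set(URL_RE.findall(alert.body)))
    domains = sorted({u.split("://", 1)[1].split("/", 1)[0].lower() for u in urls})
    return {"urls": urls, "domains": domains, "ips": [alert.source_ip]}


def campaign_fingerprint(subject, body):
    """Hash of normalised subject plus URL host/path set (query strings dropped,
    since phishing kits personalise them): copies of one campaign share it."""
    locs = sorted({u.split("://", 1)[1].split("?", 1)[0].lower() for u in URL_RE.findall(body)})
    normalised = re.sub(r"\s+", " ", subject.strip().lower()) + "\n" + "|".join(locs)
    return hashlib.sha256(normalised.encode()).hexdigest()[:16]


def run_playbook(alert, mailbox_store, seen):
    """Triage one alert. `seen` holds fingerprints already worked;
    `mailbox_store` stands in for a mail-search API."""
    fp = campaign_fingerprint(alert.subject, alert.body)
    if fp in seen:
        # Repeat of an alert already handled: record it, take no new action.
        return PlaybookResult(alert.alert_id, "duplicate", actions=[f"suppress:{fp}"])
    seen.add(fp)

    iocs = extract_iocs(alert)
    hits = (set(iocs["domains"]) & THREAT_INTEL["domains"]) | (set(iocs["ips"]) & THREAT_INTEL["ips"])
    result = PlaybookResult(alert.alert_id, "malicious" if hits else "suspicious", iocs)

    # Other copies of the same campaign, across every mailbox.
    copies = [m for m in mailbox_store if campaign_fingerprint(m["subject"], m["body"]) == fp]

    if hits:
        # Intel match: high confidence, contain automatically.
        result.actions += [f"quarantine:{m['mailbox']}:{m['msg_id']}" for m in copies]
        result.actions += [f"block_domain:{d}" for d in sorted(hits & THREAT_INTEL["domains"])]
        result.actions += [f"block_ip:{ip}" for ip in sorted(hits & THREAT_INTEL["ips"])]
    else:
        # No intel match: hold copies and let a human decide before blocking.
        result.actions += [f"hold:{m['mailbox']}:{m['msg_id']}" for m in copies]
        result.actions.append("escalate:analyst_review")
    return result


# Constructed sample data.
SAMPLE_ALERT = Alert(
    alert_id="A-1001",
    sender="it-helpdesk@login-secure-update.example",
    subject="Action required: password expires today",
    source_ip="203.0.113.7",
    body="Your password expires today. Reset here: https://login-secure-update.example/reset?u=alice",
)
SAMPLE_MAILBOXES = [
    {"mailbox": "alice", "msg_id": "m1", "subject": "Action required: password expires today",
     "body": "Your password expires today. Reset here: https://login-secure-update.example/reset?u=alice"},
    {"mailbox": "bob", "msg_id": "m7", "subject": "ACTION REQUIRED: Password expires today",
     "body": "Reset now: https://login-secure-update.example/reset?u=bob"},
    {"mailbox": "carol", "msg_id": "m9", "subject": "Lunch menu", "body": "https://intranet.example/menu"},
]

if __name__ == "__main__":
    seen = set()
    first = run_playbook(SAMPLE_ALERT, SAMPLE_MAILBOXES, seen)
    print(first.verdict, first.actions)
    print(run_playbook(SAMPLE_ALERT, SAMPLE_MAILBOXES, seen).verdict)
```

The split between the two branches is the design point: automatic blocking is reserved for alerts corroborated by threat intel, while an uncorroborated alert only holds the copies and escalates, so a false positive cannot block a legitimate domain on its own.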

The Bottom Line

SOAR optimizes security operations

SOAR lets you shift from a reactive to a proactive strategy by relieving your team of false positives, recurring alerts, and low-risk warnings. Rather than putting out fires, analysts can put their skills and considerable training to better use, improving the overall security posture of your company. With efficient security orchestration, automation, and response (SOAR) solutions it is feasible to accomplish more in less time while still leaving human decision-making where it matters most.

Alcor launched AccessFlow, an IAM Product with Automated, Centralized, Seamless Integrations

Alcor, a global provider of cloud solutions, security, and implementation services, has launched its IAM product, AccessFlow. It is an automated, self-service access management product built on the ServiceNow platform that helps organizations achieve automated, centralized, and seamless integrations with different platforms. As a Built on Now application, AccessFlow inherits the performance, security, and user interface of the ServiceNow platform, designed and tested for fast, agile, secure, and resilient digital transformation.

To automate access provisioning, improve visibility, and strengthen process compliance, AccessFlow now gives businesses:

  • Assembled Access Management: Verifies and manages crucial tasks such as access provisioning, de-provisioning, license management, and visibility into third-party integrations, and offers a single source of information with consolidated reporting and dashboards.
  • Secured Compliance: Automating the entire access management lifecycle keeps operations secure. This helps organizations maintain data integrity, support audits, and proactively identify and monitor risk-based roles, leaving no room for error.

Monisha Singh, Chairperson and Senior Principal at Alcor, says, “The updated version of AccessFlow takes access governance to a new level by providing efficient third-party integrations, ServiceNow GRC collaboration, and SOC1 Compliance with effective internal controls for data protection. This automated and unified approach of managing access over extended integrations with other robust features like SoD, Role-Based Access Matrix, Training Prerequisites, Dormant Account Alert, and more will enable organizations to significantly reduce time, cost, and effort. The all-new AccessFlow is bigger, better, and bolder with a single view of accesses, compliance assurance, and multiple brand-new features curated to meet the IAM needs of modern organizations.”

AccessFlow Product Manager Jenifer Rubavathy adds, “Over the past few years, we have seen a big increase in demand for automating the access management processes for granting authorizations in accordance with compliance requirements. As a result, AccessFlow has collaborated with ServiceNow GRC and also extended integrations with Azure AD and middleware platforms. Some of the essential holistic approaches to IAM that enable you to develop your cyber security posture include incorporating preventive Segregation of Duties into the access request process, effective controls for permission-level risks, and offering enterprise-wide access visibility, which increases the organization’s security and process efficiency as well as avoiding the penalties for noncompliance.”

Arista Enters Microsoft Intelligent Security Association To Help Improve Customer Security

Arista Networks has joined the Microsoft Intelligent Security Association (MISA), a community of independent software vendors and managed security service providers that have integrated their products with Microsoft’s security offerings to better protect customers against an increasingly dangerous threat environment.

Arista was recognized for the integration of its NDR (Network Detection and Response) platform with Microsoft Azure Sentinel. By combining network context and threat detection with log-based and endpoint insights inside Azure Sentinel, the integration enables faster threat mitigation.

Arista NDR, which analyses full network packet data, supports use cases including insider threat detection, threat hunting, digital forensics, and incident response. Using Arista AVA (Autonomous Virtual Assist), an AI-enabled decision support system, the NDR platform detects, profiles, and classifies network entities such as devices, users, and applications across campus, data center, IoT, and cloud networks.

AVA pre-computes answers to the questions an expert analyst would ask after analysing network data and querying threat intelligence sources, open source intelligence, and partner solutions within the MISA ecosystem and beyond. The platform uses this information to uncover weak and early signs of a network compromise, along with corroborating evidence, in order to build conviction and determine the attack’s broader scope. This allows the SecOps team to thwart an adversary’s goals at the very beginning of an attack.

“Customers have invested in a variety of security solutions in their battle against modern cyber threats. Responding to the adversary requires a coordinated effort across these solutions so that risks can be mitigated and impact minimized. Microsoft shares this vision and we are pleased to collaborate by bringing the high-fidelity detection and response signals from AVA and our NDR platform into Microsoft Azure Sentinel and MISA,” said Rahul Kashyap, VP/GM Arista NDR Security Division.

As networks have evolved, companies are sometimes blind to 50% or more of them, including IoT and contractor devices and cloud workloads. Adversaries target this larger attack surface, and because the underlying devices lack security agents or log sources, these attacks generally go unnoticed.

For this otherwise unmanaged infrastructure, integrating Arista NDR with Azure Sentinel provides visibility into network entities, threat detection, and incident response capabilities. Security teams get comprehensive, entity-centric context that can be correlated with data collected from other IT and security systems using Azure Sentinel workbooks.

“The Microsoft Intelligent Security Association has grown into a vibrant ecosystem comprised of the most reliable and trusted security software vendors across the globe. Our members, like Arista, share Microsoft’s commitment to collaboration within the cybersecurity community to improve our customers’ ability to predict, detect, and respond to security threats faster,” said Maria Thomson, Microsoft Intelligent Security Association Lead.

Zyxel Communications And SEC Consult Formed Partnership To Improve Cybersecurity

Zyxel Communications has announced a partnership with SEC Consult, a consultancy in cyber- and application security. The collaboration will strengthen Zyxel’s cybersecurity strategy by speeding up and improving its ability to respond to the risks and vulnerabilities posed by increasingly complex and ever-evolving threats.

As digitization pervades daily life and online communication tools become crucial for many services, end users depend heavily on information-sensitive online services. As a result, leading internet service providers are placing an even greater emphasis on network security.

Ensuring a secure development and software architecture

To maintain the highest level of product security, Zyxel, a prominent vendor of broadband access equipment, has a thorough security strategy and already employs a dedicated security team. The partnership with SEC Consult addresses the problem that software-driven products can expose the network to unknown security vulnerabilities. The two firms carried out a thorough organisational and technical review that will result in an overall optimization of Zyxel’s secure software development process and security verification methods, with the goal of detecting and eliminating potential security risks.

SEC Consult also performed a vulnerability assessment that included examining the software of several Zyxel devices. The findings were handed to Zyxel’s dedicated security team as input for secure development and software architecture.

SEC Consult will now assist Zyxel in implementing a firmware security analysis platform as a regular security review mechanism, so that firmware security analysis can be automated in the long run.

Raising the overall security level

“Cybersecurity should be considered from the very beginning. It is important to cooperate as early as possible in the value chain, starting with the manufacturers. Additionally, continuous improvement and regular assessments are just as important as the sustainable creation of security awareness in the company. We are proud that our company is supporting Zyxel to prevent, handle, and manage security vulnerabilities more efficiently in the future,” says Wolfgang Baumgartner, General Manager SEC Consult Group.

“The cooperation with SEC Consult will help us to reinforce our security awareness among employees through well-designed training programs. We expect to escalate our product security level through proactive vulnerability prevention,” said Gavin Yeh, Senior Director, EMEA CPE SBU at Zyxel.

Huntsman Security Introduced SmartCheck for Ransomware

Huntsman Security has introduced SmartCheck for Ransomware, an automated, on-demand diagnostic application developed to analyse the risk of a ransomware outbreak. The application captures data directly from security activity in order to report on an organization’s security posture against a set of security measures. These measures are similar to those recently recommended by the UK National Cyber Security Centre (NCSC) and the US National Institute of Standards and Technology (NIST), and give users assurance that they are adhering to known cyber security best practice.

SmartCheck for Ransomware tests an organization’s ransomware readiness quickly and effectively, providing a numeric score for each of 12 security controls. Companies can find out their risk exposure and modify security policies where needed to improve their posture and ransomware preparedness. At the same time, the verifiable report gives third parties such as insurers or potential partners a higher level of confidence, at a time when supply chain security is a big issue.

“To protect against ransomware and effectively manage their security risks, it is vital that senior executives have clear visibility of their cyber posture. This goes beyond annual audits to having the relevant information available whenever the organisation needs it – whether to modify security settings to improve readiness; or to verify their posture to partners or insurers. By making assessments automated and in line with established best practice, we have given organisations access to reliable security information that they can use with confidence to improve their risk management processes,” said Peter Woollacott, CEO, Huntsman Security.

SmartCheck for Ransomware is developed with the same rigour as Huntsman Security’s other defence-grade SIEM and Scorecard products, and is meant to be simple to install and use. It assesses the effectiveness of key prevention, containment, and restoration mitigations across the course of a cyber-attack.

“As the threat of ransomware grows everywhere, organisations need to regularly assess their state of readiness. With insurers such as AIG tightening terms and raising premiums in response to the ransomware threat, organisations that can’t demonstrate adequate security precautions will find insurance terms increasingly difficult to negotiate. At the same time, organisations need to take steps to ensure that ransomware will not disrupt their operations or those of their supply chains – making assessing partners’ security posture just as important as assessing their own. Updating ransomware risk management efforts to include SmartCheck for Ransomware to better address their ever changing risk environment will put organisations in a much better position to combat the threat of ransomware,” said Woollacott.

Opsview Introduces Two New Products – Opsview Log Analytics and Network Topology

Opsview, a firm that delivers a broader view into dynamic IT operations, has released two new products: Opsview Log Analytics and Network Topology.

Opsview Log Analytics connects with Opsview Monitor and Opsview Cloud to help IT operations teams identify the root causes of warnings and predict security problems before they cause business disruption. Critical log events are correlated directly with metrics in Opsview’s IT infrastructure monitoring solution, giving a single-pane-of-glass view with detailed insights into why issues arise.

“Opsview Log Analytics automates the manual processes of log management. Combined with Opsview Monitor and Opsview Cloud, it provides a faster time to resolution for IT Operations teams. With SIEM functionality, Opsview Log Analytics correlates events and identifies security incidents such as brute force attacks or DDoS,” said Mike Walton, CEO of Opsview.

With the addition of Network Topology to the Opsview Network Analyzer module, IT operations teams can collaborate with networking teams to create a unified view of the organization’s IT estate. Network Topology automates network discovery, lowers the security risk posed by unidentified hosts in the environment, and detects network misconfigurations.

“With Opsview’s Network Topology providing overlays with real-time status information, this will provide valuable time savings to IT teams as well as reducing potential security risks. The risk of the unknown is drastically reduced with Network Topology,” said Scott Heyhoe, VP Products at Opsview.

Cado Security Partners with SentinelOne to Provide Cloud-Native Digital Forensics

Cado Security, provider of a cloud-native digital forensics platform, has partnered with SentinelOne, an autonomous cybersecurity platform, to give security teams the breadth and depth they need to detect, analyse and respond to attacks quickly.

Time is of the essence when managing an attack. As soon as malicious behaviour is noticed, security professionals must be able to dig deep to identify the root cause and scope. The SentinelOne Singularity XDR platform provides the visibility to identify malicious activity as it happens, and Cado Response automates the collection of critical forensic data and historical context, giving an investigation more depth.

“Using traditional DFIR approaches often means it can take security teams weeks to capture and process the data needed for a detailed forensic investigation. This is precious time that an adversary has free rein to inflict damage,” said James Campbell, Co-founder and CEO of Cado Security. “At Cado, we leverage the cloud in a way that allows for automation and rapid processing, removing many of the complexities associated with DFIR. We are thrilled to partner with SentinelOne to deliver the data and context security teams need to quickly identify the root cause of incidents and enable faster response.”

Security analysts can use SentinelOne’s Remote Script Orchestration (RSO) functionality to run Cado Response with a single click and execute an in-depth forensic investigation across their Singularity-protected endpoints, simplifying data collection and speeding up triage. The Cado Response platform runs on cloud infrastructure that scales up and down dynamically, delivering fast processing when it is needed and saving money when it is not, which substantially lowers time to evidence and time to response.

“Our focus is to empower security teams to uplevel their approach to incident response and automation with speed, scale and simplicity. Cado Security’s integration with SentinelOne’s Singularity XDR enables security analysts to automate forensics investigations across the enterprise attack surface,” said Mike Petronaci, VP Product, Platform and Ecosystem, SentinelOne.

Points to consider before buying Deception Technology Solution

The COVID-19 pandemic brought cyberattacks in new and unexpected ways and on a massive scale. In particular, the sudden shift of many industries to remote work gave cybercriminals an immediate opportunity: ransomware attacks on a workforce connecting to corporate resources from unsecured home networks and devices. Throughout 2020 these actors worked to identify and exploit employees, and they will continue to do so in 2021. Social engineering has been the starting point of the majority of ransomware attacks; techniques such as phishing can trick users into disclosing sensitive information.

Deception technology lets companies quickly create a fictitious IT network of alluring decoys that keeps cybercriminals from distinguishing the traffic and resources of the real network. This deceptive network is integrated into the existing IT infrastructure so that it is what an attacker encounters. Deception technology takes the attacker’s perspective and strategy into account: how they explore a network for reconnaissance and exfiltration.

The following points should be considered before buying deception technology:

  • The vendor must understand the client’s goals and objectives for deception
  • The vendor should study and understand the client’s current technology infrastructure
  • The deception solution should be built around an understanding of attacker tactics, techniques and procedures
  • The deception solution should be designed around the identified goals, technology and attacker tactics
  • The deployed deception solution should be reviewed and updated regularly to address new technology changes and objectives

Companies need to check that the deception solution covers everything from endpoints to complex cloud environments for maximum protection, and what kinds of lures the vendor provides. An ideal solution offers network, server, database, endpoint, application, cloud and OT decoys; some vendors offer only a subset. Companies also need to check how these decoys are maintained, whether they are updated manually or automatically, and how much they can be customized.

The Level of Interaction to Deceive Attackers

A deception solution only works if it can mislead attackers. Decoys can be custom-built on real operating systems and networks, so ask solution providers whether their decoys are emulated or run the actual operating system. The more interactive the decoy, the more an attacker can be engaged and understood: greater interaction gives the criminal a more realistic experience and gives security teams a more detailed view of attacker activity, which in turn improves the deception environment. Technical details should also be checked, for example that decoy Active Directory entries are consistent with the real directory, since an attacker enumerating the directory will avoid accounts that obviously stand out. Cyber deception is a detection method, and detection is of little use without the ability to respond effectively, so a deception deployment must be backed by robust, documented incident response processes.
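Two of the checks above, as an added example (illustrative code, not any deception vendor's product): detection logic that treats any authentication attempt against a decoy account as a high-fidelity incident with a recommended response, and a realism check that flags decoy directory entries whose attributes would stand out next to real ones. The logon events, the decoy account names and the directory attributes are all constructed inline; the event layout mimics Windows logon events (4624 success, 4625 failure) but is simplified to key=value fields.

```python
"""Decoy (honeytoken) account detection and realism check (added illustration)."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed decoy accounts: nothing legitimate ever authenticates as these.
DECOY_ACCOUNTS = {"svc_sqlbackup", "adm_legacy"}

EVENT_RE = re.compile(r"(?P<ts>\S+) EventID=(?P<eid>\d+) TargetUserName=(?P<user>\S+) "
                      r"IpAddress=(?P<ip>\S+) LogonType=(?P<lt>\d+)")

# Constructed sample events: a real user with one typo, then one host
# probing both decoys and finally succeeding against one of them.
SAMPLE_EVENTS = """\
2024-03-01T10:00:01Z EventID=4625 TargetUserName=alice IpAddress=10.0.5.23 LogonType=2
2024-03-01T10:00:02Z EventID=4624 TargetUserName=alice IpAddress=10.0.5.23 LogonType=2
2024-03-01T10:14:40Z EventID=4625 TargetUserName=svc_sqlbackup IpAddress=10.0.9.77 LogonType=3
2024-03-01T10:14:41Z EventID=4625 TargetUserName=adm_legacy IpAddress=10.0.9.77 LogonType=3
2024-03-01T10:15:05Z EventID=4624 TargetUserName=svc_sqlbackup IpAddress=10.0.9.77 LogonType=3
2024-03-01T11:02:10Z EventID=4624 TargetUserName=bob IpAddress=10.0.5.31 LogonType=10
""".splitlines()


def parse_event(line):
    """Parse one simplified logon line into a dict; None if it does not match."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return d


def detect_decoy_use(lines, decoys=DECOY_ACCOUNTS):
    """Any attempt against a decoy account, failed or not, is an incident.
    Events are grouped by source IP so one host touching several decoys
    becomes one incident with a severity and a recommended response."""
    by_source = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev and ev["user"].lower() in decoys:
            by_source[ev["ip"]].append(ev)
    incidents = []
    for ip, evs in by_source.items():
        success = any(e["eid"] == "4624" for e in evs)
        response = ["isolate_host", "capture_session_telemetry"]
        if success:
            response.append("reset_decoy_credential")   # it is now in the attacker's hands
        incidents.append({
            "source_ip": ip,
            "decoys_touched": sorted({e["user"] for e in evs}),
            "first_seen": min(e["ts"] for e in evs),
            "severity": "critical" if success else "high",
            "response": response,
        })
    return incidents


# Constructed directory attributes for the realism check (ages in days).
REAL_ACCOUNTS = [{"pwd_age_days": 120}, {"pwd_age_days": 45}, {"pwd_age_days": 300}]
DECOY_ATTRS = {"last_logon": None, "description": "", "pwd_age_days": 1}


def decoy_stands_out(decoy, real_accounts, max_age_days=7):
    """Realism check: an attacker collecting directory data can spot a decoy
    that never logged on, has no description, or was created yesterday while
    its peers' passwords are months old. Returns the tell-tales found."""
    tells = []
    if decoy["last_logon"] is None:
        tells.append("never logged on")
    if not decoy["description"]:
        tells.append("empty description")
    median_pwd_age = sorted(a["pwd_age_days"] for a in real_accounts)[len(real_accounts) // 2]
    if decoy["pwd_age_days"] < max_age_days and median_pwd_age > 30:
        tells.append("password set much more recently than peers")
    return tells


if __name__ == "__main__":
    for inc in detect_decoy_use(SAMPLE_EVENTS):
        print(inc)
    print(decoy_stands_out(DECOY_ATTRS, REAL_ACCOUNTS))
```

Note that the failed attempts (4625) against the decoys are alerted on just as the success is: there is no threshold to tune, because the only way to reference a decoy account is to have enumerated it, which is exactly the reconnaissance the decoy exists to catch.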

Cyber Criminal Use Cases

Once an intrusion is identified, the attackers can be contained and observed with minimal or no danger to the real systems. Deception technology lets security experts learn from an attacker’s behaviour and apply that data to strengthen their defences. Vendors have built cybercriminal use cases from observed attacker activity, and these use cases are used to improve deception solutions.

Scalability and Automation

Deception technology adds decoys and controls so that intrusions can be detected. Scalability means designing and deploying an authentic set of decoys across an extensive infrastructure. Once deployed, decoys must be managed and updated regularly to maintain realism. Machine learning has significantly simplified generating, deploying and running decoys, so vendors with scalable and automated deception solutions should be preferred.

In a ransomware attack, an intruder who hits decoy resources is detected before real resources are affected, which is a major advantage over other security solutions. Sectors such as education, health care and government need help in their fight against ransomware; deception technology detects lateral movement and minimizes damage.

Rezilion Secures $30 Million In Series A Funding to Automate DevSecOps

Rezilion, a cyber startup that uses automation to change DevSecOps, has raised $30 million in Series A funding led by Guggenheim Investments. Current and former cybersecurity professionals and luminaries from Google, Microsoft, CrowdStrike, IBM, Cisco, PayPal, JP Morgan Chase, Nasdaq, eBay, Symantec, RedHat, RSA, and Tenable contributed to the round, as did new investment partners JVP and Kindred Capital.

With DevOps, code delivery has become largely automated, yet a crippling bottleneck now sits between engineering and security teams. Understanding, mitigating, and limiting the risk in the huge volume of code corporations publish every day is a constant problem that still involves extensive manual work by highly skilled engineers. As a result, businesses must choose between staying secure and shipping products quickly.

Rezilion makes security as agile as DevOps by automating repetitive security bottlenecks. According to the company, it is the only approach that significantly minimizes the security effort needed to deploy new digital products while maintaining the security of software platforms. Clients who use Rezilion’s vulnerability validation technology have decreased their patching backlog by more than 70% on average, freeing engineering resources to focus on product expansion.

“Rezilion’s product suite is a game changer for security teams. It creates a win-win, allowing companies to speed innovative products and features to market while enhancing their security posture. We believe Rezilion has created a truly compelling value proposition for security teams, one that greatly increases return on time while thoroughly protecting one’s core infrastructure,” said Rusty Parks, Senior Managing Director of Guggenheim Investments.

“At Rezilion, we are deeply committed to helping organizations drive their own innovation by reducing the resource drain, inaccuracies and operational friction created by manual security work. We know there’s never been a better time for organizations to experience what we call ‘trust in motion,’ or the peace of mind that comes from moving fast while staying safe and secure,” said Liran Tancman, co-founder and CEO of Rezilion.

“Our technology brings developers and security teams together. This funding round will allow us to dramatically accelerate our vision by advancing product development and driving growth on a global scale,” says Shlomi Boutnaru, co-founder and CTO of Rezilion.

“Rezilion’s pioneering approach generates a host of benefits to meet the needs of CEOs, CIOs and CISOs, from expediting digital transformation, faster product rollouts and enhanced productivity and compliance to the adoption of state-of-the-art development best-practices and the guarantee of better security and improved ROI. Under the proven leadership of Liran and Shlomi, we look forward to expanding Rezilion’s markets and offerings to provide more value based on its unique technology,” stated Yoav Tzruya, General Partner at JVP.

The funds will be used to accelerate Rezilion’s go-to-market strategy, including partnering with other DevSecOps solution providers and expanding operations across the US and Europe. Further product development aims to bridge the gap between security and engineering, increasing the productivity of both teams so that software ships on time and businesses can innovate more quickly.

Neosec raises $20.7 Million in Series A Funding To Protect APIs Against Business Abuse And Data Theft

Neosec has emerged from stealth and closed a $20.7 million Series A funding round led by True Ventures, New Era Capital Partners, TLV Partners, and SixThirty, with participation from security industry veterans Mark Anderson, Gary Fish, Mickey Boodaei, Rakesh Loonkar, and Shailesh Rao.

The firm is taking a different approach from traditional application security products, which often rely on signature-based detection to secure a perimeter. Instead, Neosec applies XDR (Extended Detection and Response) techniques, in particular behavioural analytics, to uncover vulnerabilities and business abuse hidden within APIs.

“Today’s new applications are all API-driven, which creates a new attack surface that puts business fundamentals at risk. Traditional application security techniques are scarcely relevant in a cloud and API-first world,” said Brian Sack, principal at TLV Partners.

APIs are the foundation of digital business: they accelerate innovation and software development by letting organisations, partners, and services communicate seamlessly. While several security solutions promise to secure APIs today, most rely on traditional signatures and let API calls proceed without any practical check of how the API is being used. These systems cannot detect bad conduct in APIs, so they let authenticated clients interact however they see fit, presuming that an authenticated caller is also a safe and authorised one.

“Today, APIs contain both money and data as well as govern key interactions within a business and to customers, partners and suppliers. Every API is a window into an organization’s business systems and potentially exposes key business logic and processes. Ignoring this blind spot is no longer an option, so the need for a new approach to API security is critical,” said Puneet Agarwal, partner at True Ventures.

Neosec automatically learns the baseline behaviour of every API user and client, correlating and profiling entities such as users, customers, business processes, and partners. Deviations from that baseline surface abuse that passes authentication, and users can see, investigate, and hunt for threats using precise timelines of each entity’s activity.
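The baselining described above, as an added example in plain Python (illustrative code, not Neosec's product). Each client's endpoint set, request rate and distinct-object rate are learned from a training window of API access records, and a later window is scored against them; the record format, the clients, the paths and the multiplier thresholds are all constructed or assumed for this sample. The scenario is the one the passage is about: a fully authenticated client that suddenly walks through other customers' order IDs, which a signature or a 200-status check would never flag.

```python
"""Per-client API behaviour baseline and deviation scoring (added illustration)."""
import re
from collections import defaultdict
from statistics import mean

ID_RE = re.compile(r"/\d+(?=/|$)")   # numeric path segments = object ids


def template(path):
    """Collapse numeric ids so /orders/123 and /orders/456 share one key."""
    return ID_RE.sub("/{id}", path)


def aggregate(records):
    """Per client: endpoint templates seen, and per-minute request counts
    plus the distinct object ids referenced in that minute."""
    agg = defaultdict(lambda: {"endpoints": set(),
                               "minutes": defaultdict(lambda: {"n": 0, "ids": set()})})
    for r in records:
        a = agg[r["client"]]
        a["endpoints"].add((r["method"], template(r["path"])))
        m = a["minutes"][r["ts"][:16]]          # YYYY-MM-DDTHH:MM bucket
        m["n"] += 1
        m["ids"].update(ID_RE.findall(r["path"]))
    return agg


def learn_baseline(records):
    base = {}
    for c, a in aggregate(records).items():
        mins = list(a["minutes"].values())
        base[c] = {"endpoints": set(a["endpoints"]),
                   "rate": mean([m["n"] for m in mins]),
                   "ids_per_min": mean([len(m["ids"]) for m in mins])}
    return base


def score_window(records, baseline, rate_factor=5.0, id_factor=5.0):
    """Compare a later window with the baseline; findings per client.
    The multipliers are assumptions for the sample, not tuned values."""
    findings = defaultdict(list)
    for c, a in aggregate(records).items():
        b = baseline.get(c)
        if b is None:
            findings[c].append("unknown client: no baseline")
            continue
        for method, path in sorted(a["endpoints"] - b["endpoints"]):
            findings[c].append(f"new endpoint {method} {path}")
        peak_rate = max(m["n"] for m in a["minutes"].values())
        if peak_rate > rate_factor * b["rate"]:
            findings[c].append(f"rate spike {peak_rate}/min vs baseline {b['rate']:.1f}/min")
        peak_ids = max(len(m["ids"]) for m in a["minutes"].values())
        if peak_ids > id_factor * max(b["ids_per_min"], 1):
            findings[c].append(f"object enumeration {peak_ids} distinct ids/min "
                               f"vs baseline {b['ids_per_min']:.1f}")
    return dict(findings)


def rec(ts, client, method, path):
    return {"ts": ts, "client": client, "method": method, "path": path}


# Constructed training window: a mobile client reading its own orders,
# a partner polling the catalogue.
TRAINING = [
    rec("2024-03-01T10:00:05Z", "mobile-app-7", "GET", "/orders/501"),
    rec("2024-03-01T10:00:40Z", "mobile-app-7", "GET", "/orders/501/items"),
    rec("2024-03-01T10:03:12Z", "mobile-app-7", "GET", "/orders/502"),
    rec("2024-03-01T10:07:55Z", "mobile-app-7", "GET", "/account/me"),
    rec("2024-03-01T10:00:01Z", "partner-x", "GET", "/catalog/items"),
    rec("2024-03-01T10:00:21Z", "partner-x", "GET", "/catalog/items"),
    rec("2024-03-01T10:01:01Z", "partner-x", "GET", "/catalog/items"),
]

# Constructed later window: the same authenticated mobile client enumerates
# 30 other customers' orders in one minute and tries a DELETE it never used.
ATTACK = [rec(f"2024-03-01T11:30:{i:02d}Z", "mobile-app-7", "GET", f"/orders/{1000 + i}")
          for i in range(1, 31)]
ATTACK.append(rec("2024-03-01T11:30:59Z", "mobile-app-7", "DELETE", "/orders/1001"))
ATTACK += [rec("2024-03-01T11:30:10Z", "partner-x", "GET", "/catalog/items"),
           rec("2024-03-01T11:30:50Z", "partner-x", "GET", "/catalog/items")]

if __name__ == "__main__":
    for client, items in score_window(ATTACK, learn_baseline(TRAINING)).items():
        print(client, items)
```

Every request in the attack window is authenticated and, individually, well-formed; only the comparison against the client's own history (new verb, rate, and above all the number of distinct objects touched per minute) distinguishes enumeration from normal use.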

“One of the greatest challenges facing cybersecurity is the severe lack of logical visibility and behavioral assessment of APIs. Existing technologies were not created to address the incredible exposure organizations now have through their APIs. We created an entirely new approach based on data analytics to provide a complete understanding of all API interactions. It is fully automated, SaaS delivered and able to protect increasing exposure through digital business,” said Giora Engel, co-founder and CEO of Neosec.