Security Automation & Orchestration (SOAR)

What is SOAR?

SOAR (Security Orchestration, Automation, and Response) is a category of software that lets organizations automate security operations in three major areas: threat and vulnerability management, security incident response, and security operations automation.

Put another way, security automation is the machine-driven handling of security operations tasks: carrying out work such as vulnerability scanning or log searches without a human in the loop. Security orchestration is the layer that connects security tools and combines diverse security systems; it is the interconnecting fabric over which automated security operations run and through which security activities are streamlined.

Why is SOAR important?

Your security staff is most likely drowning in a sea of alerts, many of which are false positives or repeats of earlier alarms. Each week, the average security team receives upwards of 175,000 alerts. Genuine threats are hidden among all that noise, and many of them go unnoticed when analysts have to handle each alert manually.

That is where SOAR comes in: by automating many of the repetitive, monotonous tasks, it frees your security team to focus on the work that matters.

SOAR enables you to:

  • Make security, IT operations, and threat intelligence tools work together. You can integrate your different security solutions, even ones from different vendors, to collect and analyze data more thoroughly, so security teams no longer have to juggle many consoles and tools.
  • See everything in one place. Your security team works from a single console that holds all of the data it needs to investigate and resolve incidents.
  • Respond to incidents quickly. SOAR platforms have been shown to reduce mean time to detect (MTTD) and mean time to respond (MTTR); because many actions are automated, a substantial share of events can be handled immediately without waiting for an analyst.
  • Cut time-consuming work. SOAR saves analyst time by reducing false positives, repetitive jobs, and manual processes.
  • Get more context. SOAR solutions combine and evaluate data from threat intelligence platforms, firewalls, intrusion detection systems, SIEMs, and other tools, giving your team additional insight and context. This makes resolving issues and improving processes much easier, and when problems arise analysts can run deeper and broader investigations.
  • Improve communication and reporting. Because all security operations activity is pooled in one place and displayed in intuitive dashboards, stakeholders get the information they need, including analytics that help them improve workflows and shorten response times.
  • Support better decisions. SOAR platforms aim to be usable even by less experienced analysts, with features such as pre-built playbooks, drag-and-drop playbook editors, and automated alert prioritization. A SOAR tool also collects data and provides insights that make it easier for analysts to review issues and carry out the appropriate remediation.

What are some examples of SOAR applications?

Before you start talking to vendors regarding SOAR platforms, consider how your company will use the solution. Use cases should highlight your biggest problems and show how technology can help you solve them. The typical use cases vary greatly depending on your industry. Here are some ideas to get you thinking about how you could implement SOAR in your own company.

  1. Automated incident response to cyberattacks: a SOAR platform can automatically detect and investigate the source of an attack. For example, it may detect and evaluate a suspected phishing email, search for copies elsewhere in the organization's mailboxes, quarantine or delete them, and block the associated IP addresses and URLs so the same message cannot reach other inboxes.
  2. Threat hunting: security teams typically spend hours each day responding to a flood of alerts, leaving little time for threat hunting, investigation, and long-term planning. Automation handles many previously known threats promptly, giving analysts more time for work that improves overall network security.
  3. Better vulnerability management: a SOAR solution can help your team prioritize and manage the risk posed by newly discovered vulnerabilities in your environment, so they can be proactive, gather more information on weak points, research them properly, and put measures in place to prevent breaches.
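The alert deduplication described under "Why is SOAR important?" and the phishing playbook in use case 1 above, written out as a small runnable playbook. This is an added illustration, not code from any SOAR vendor: the alert shape, the mailbox index, the threat-intel feed and the `quarantine`/`block` action hooks are all constructed here so it runs offline; a real playbook would call the mail server, threat-intel and firewall APIs at those points.

```python
"""Minimal SOAR-style phishing playbook (added example, vendor-neutral)."""
import hashlib
import re
from dataclasses import dataclass, field

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed threat-intel feed: indicator -> verdict (assumed format).
THREAT_INTEL = {
    "203.0.113.45": "malicious",                      # TEST-NET-3 address
    "http://invoice-update.example/login": "malicious",
    "http://intranet.example/benefits": "benign",
}

# Constructed mailbox index: message id -> (recipient, sender ip, body).
MAILBOX = {
    "m1": ("alice@corp.example", "203.0.113.45", "Please sign in: http://invoice-update.example/login"),
    "m2": ("bob@corp.example", "203.0.113.45", "Please sign in: http://invoice-update.example/login"),
    "m3": ("carol@corp.example", "198.51.100.7", "Benefits: http://intranet.example/benefits"),
}


@dataclass
class Alert:
    alert_id: str
    source: str
    sender_ip: str
    body: str


@dataclass
class PlaybookResult:
    verdict: str
    iocs: dict = field(default_factory=dict)
    quarantined: list = field(default_factory=list)
    blocked: list = field(default_factory=list)
    needs_analyst: bool = False


def dedupe(alerts):
    """Collapse repeated alerts that carry the same sender and body."""
    seen, unique = set(), []
    for a in alerts:
        key = hashlib.sha256(f"{a.sender_ip}|{a.body}".encode()).hexdigest()
        if key not in seen:
            seen.add(key)
            unique.append(a)
    return unique


def extract_iocs(alert):
    """Pull URLs from the body and the sending IP from the alert."""
    return {"urls": sorted(set(URL_RE.findall(alert.body))), "ips": [alert.sender_ip]}


def enrich(iocs):
    """Look every IOC up in threat intel; indicators not in the feed stay 'unknown'."""
    return {i: THREAT_INTEL.get(i, "unknown") for i in iocs["urls"] + iocs["ips"]}


def find_copies(iocs):
    """Search the mailbox index for other messages carrying the same URL or sender."""
    hits = []
    for msg_id, (_, ip, body) in MAILBOX.items():
        if ip in iocs["ips"] or any(u in body for u in iocs["urls"]):
            hits.append(msg_id)
    return hits


def run_phishing_playbook(alert, actions):
    """Act automatically only when intel is conclusive; otherwise hand off to a human.

    `actions` is a dict of callables: actions["quarantine"](msg_id) and
    actions["block"](indicator). They stand in for the mail-server and
    firewall integrations a SOAR platform would supply.
    """
    result = PlaybookResult(verdict="unknown", iocs=extract_iocs(alert))
    verdicts = enrich(result.iocs)
    if any(v == "malicious" for v in verdicts.values()):
        result.verdict = "malicious"
        for msg_id in find_copies(result.iocs):       # remove every copy, not just the reported one
            actions["quarantine"](msg_id)
            result.quarantined.append(msg_id)
        for ioc, v in verdicts.items():
            if v == "malicious":                         # block so later copies never arrive
                actions["block"](ioc)
                result.blocked.append(ioc)
    elif all(v == "benign" for v in verdicts.values()):
        result.verdict = "benign"
    else:
        result.needs_analyst = True                      # ambiguous intel: keep the human in the loop
    return result


if __name__ == "__main__":
    log = []
    hooks = {"quarantine": lambda m: log.append(("quarantine", m)),
             "block": lambda i: log.append(("block", i))}
    raw = [Alert("a1", "mail-gw", "203.0.113.45", MAILBOX["m1"][2]),
           Alert("a2", "mail-gw", "203.0.113.45", MAILBOX["m2"][2])]   # duplicate of a1
    for a in dedupe(raw):
        print(run_phishing_playbook(a, hooks))
    print(log)
```

Note the three-way outcome: the playbook only quarantines and blocks when an indicator is positively malicious, marks the alert benign only when every indicator is known-good, and routes anything in between to an analyst. That last branch is what keeps automation from deleting legitimate mail on a partial match.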

The Bottom Line

SOAR optimizes security operations

SOAR lets you shift from a reactive to a proactive strategy by relieving your team of false positives, recurring alerts, and low-risk warnings. Rather than putting out fires, security analysts can put their skills and considerable training to better use, improving the overall security posture of your company. With an effective security orchestration, automation, and response (SOAR) solution it is feasible to accomplish more in less time while still leaving human decision-making where it matters most.

JFrog Teams Up With Slack To Increase Awareness Of Key Software Development Events

JFrog has introduced a new Slack integration for JFrog Artifactory and JFrog Xray. The new JFrog app for Slack lets developers notify an extended team of stakeholders in real time about significant software development events, such as newly found security vulnerabilities or license compliance violations, helping them optimize release cycles and reduce time to resolution.

“Collaboration has always been an integral part of DevOps, but when it comes to security-related events, you need to communicate early and often. We are thrilled to work with Slack – one of the world’s leading collaboration tools – on enhancing the way developers work today so they can deliver stronger features, faster releases, continuous updates, and improved security for their entire DevOps pipeline,” said Stephen Chin, vice president of Developer Relations, JFrog.

The JFrog app for Slack combines artifact management and security with operational efficiency. It lets one or more Slack channels receive notifications, information, and actions connected to specific software events. For example, developers can share vulnerability and license compliance notifications with a broader team of stakeholders directly from their workstations, based on policies configured in JFrog Xray.

The interactive notifications allow recipients to take action, such as creating "ignore" rules or viewing details. From within the Slack channel, you can pause or delete notifications, or open the JFrog Platform for more information about them.

UL Launches SafeCyber to Protect Connected Devices

UL, a global leader in safety science, announced SafeCyber Digital Security, a suite of solutions aimed at democratizing IoT security and equipping device manufacturers, suppliers, and systems integrators to take control of the security of their connected products. UL's SafeCyber Digital Security Platform is intended to mitigate the growing number of cyberthreats these enterprises face, from smart home gadgets and complex medical equipment to advanced automotive and Industry 4.0 technology.

“The proliferation of connected devices has unlocked immense new economic potential, but it has also introduced a flurry of cybersecurity risks that can materially impact businesses. SafeCyber helps organizations holistically understand and assess risk, allowing both new and existing assets to be designed and maintained to conform with the latest cybersecurity legislation and best practices,” said Jukka Makinen, managing director of the Identity Management and Security division at UL.

As part of the launch, UL also unveiled its Maturity Path capability, which gives device manufacturers, suppliers, and system integrators a maturity assessment for connected device security so they can develop long-term product security governance and processes.

In the SafeCyber platform, UL also introduced Firmware Check and Field Monitoring. Firmware Check provides stakeholders with a security check on firmware implementations that are still in development, whereas Field Monitoring lets those companies run large-scale security checks on firmware that is already in the field.

“For more than 125 years, UL has been a trusted partner helping organizations ensure the safety and compliance of their products and solutions. Today’s launch of SafeCyber marks an important milestone in our long-term vision to develop a best-in-class capability that helps organizations move beyond a compliance mindset, and toward a proactive stance that enables them to actively manage their security posture in what is becoming an increasingly connected, ever-evolving threat landscape,” added Makinen.

SafeCyber's clients get immediate access to UL's Maturity Path, Firmware Check and Field Monitoring. As part of UL's effort to make high-quality product security practices more accessible, any connected device stakeholder can begin a free Maturity Path self-assessment.

Omada and SecZetta Collaborate to Decrease Threat of Third-Party Breaches

Omada, a worldwide provider of Identity Governance and Administration (IGA) solutions, announced an integration with SecZetta, a provider of third-party identity risk management solutions. The integration is intended to help companies minimize the risk of third-party data breaches.

SecZetta delivers purpose-built third-party identity risk solutions that help organizations implement risk-based identity access and lifecycle strategies for non-employee populations such as contractors, supply chain personnel, suppliers, partners, bots, and more. Omada uses SecZetta's information on third-party identities (onboarding, role changes, contract extensions, termination, and identity risk) to help organizations make better access decisions about those users.

Many organizations lack a formal process for managing non-employee identities, and that gap puts them at risk: an estimated two-thirds of data breaches today involve a third party. Businesses need a way to track and manage every person and non-human identity that has access to corporate systems. SecZetta uses a collaborative onboarding process to gather contextual information on third-party non-employees, which it then sends to Omada for provisioning and de-provisioning of access, as well as identity governance, for SecZetta's customers.

“Organizations are hyper-focused on adopting Zero Trust policies in the hope of reducing the risk of access-related cybersecurity incidents. Our integration with Omada enables organizations to extend the diligence they have around providing least privilege access to employees to their riskier, non-employee users,” said Jeremy Rohrs, Senior Vice President of Global Sales & Business Development, SecZetta.

“With most organizations today relying on third parties to achieve business goals, it’s critical to get access management right. It’s a balance between security and productivity – and that’s what this integration provides. Organizations can work confidently with non-employees, knowing they are all fully accounted for without creating a drag on IT resources,” said Michael Garrett, CEO, Omada.

JupiterOne Integrations Increase Value and Context for Cyber Assets

JupiterOne, a vendor of cyber asset management and governance solutions, has launched three new industrial integrations for its security platform: Cobalt, PagerDuty, and Amazon Web Services (AWS).

JupiterOne clients gain visibility throughout their environment and enrich their existing workflows with new knowledge about their relationships with the help of these strategic integrations. JupiterOne’s API-driven platform connects relevant metadata from new infrastructure and security tooling to provide value to their existing technologies.

JupiterOne's platform uses contextual relationships between assets to bridge the gap between a typical IT configuration management database (CMDB) and security tooling. Through these integrations, data from AWS, Cobalt's penetration testing service, and PagerDuty's digital operations management platform can give customers more context about their cloud configuration.

“We’re seeing more customers centralizing and automating their entire toolchain as a broader, more strategic initiative within their organizations. This model must be built on the foundation of understanding around how all cyber assets connect to each other. We’re proud to formally collaborate with AWS, Cobalt, and PagerDuty to become the glue that enterprises need to gain visibility and contextual knowledge across those complex environments. We help our customers discover unknown risks and reduce manual efforts on day-to-day security operations. What sounds simple can be an overwhelming challenge to do well consistently and at scale,” said Erkang Zheng, Chief Executive Officer of JupiterOne.

“Digital value created by organizations doesn’t exist in silos and security shouldn’t either. For companies to be successful they need to know what’s in their environment and how their technology assets are connected to each other in a meaningful way. Our partnership with JupiterOne is about adding more context to the cyber assets and relationships that ultimately bring value to an organization,” said Caroline Wong, Chief Security Officer of Cobalt.

"JupiterOne and AWS have been working together for a number of years resulting in a strong integration between our platforms. Today we are announcing a leveling up of our joint capabilities. Extending cyber asset relationship-based security and governance across so much of AWS's technology brings a wealth of security context and a significant improvement in cloud native cyber security to our joint customers," said Dudi Matot, Principal Segment Lead in Security, Amazon Web Services.

Sophos Acquires Braintrace to enhance Adaptive Cybersecurity Ecosystem with Braintrace’s Network Detection and Response (NDR) Technology

Sophos, a worldwide leader in next-generation cybersecurity, announced the acquisition of Braintrace, which will add Braintrace’s unique Network Detection and Response (NDR) technology to Sophos’ Adaptive Cybersecurity Ecosystem. Eliminating the need for Man-in-the-Middle (MitM) decryption, Braintrace’s NDR enables comprehensive visibility into network traffic patterns, including encrypted communication. 

As part of the acquisition, Braintrace's developers, data scientists, and security analysts have joined Sophos' global Managed Threat Response (MTR) and Rapid Response teams. Sophos' MTR and Rapid Response services have grown quickly to more than 5,000 active customers, making Sophos one of the world's largest and fastest-growing MDR providers.

Through integration into the Adaptive Cybersecurity Ecosystem, which supports all Sophos products and services, Braintrace’s NDR technology will help Sophos’ MTR and Rapid Response analysts, as well as Extended Detection and Response (XDR) clients. The Braintrace technology will also be used to capture and forward third-party event data from firewalls, proxies, VPNs, and other sources. Threat identification, threat hunting, and responding to suspicious activity all will benefit from these added layers of visibility and event ingestion.

"You can't protect what you don't know is there, and businesses of all sizes often miscalculate their assets and attack surface, both on-premises and in the cloud. Attackers take advantage of this, often going after weakly protected assets as a means of initial access. Defenders benefit from an 'air traffic control system' that sees all network activity, reveals unknown and unprotected assets, and exposes evasive malware more reliably than Intrusion Protection Systems (IPS). We're particularly excited that Braintrace built this technology specifically to provide better security outcomes to their Managed Detection and Response (MDR) customers. It's hard to beat the effectiveness of solutions built by teams of skilled practitioners and developers to solve real world cybersecurity problems," said Joe Levy, chief technology officer, Sophos.

“NDR is critical to successful threat hunting. Braintrace’s competitive differentiation is its unique NDR technology that our MDR analysts leveraged for finding, interrupting and remediating cyberattacks. With our own NDR technology, the team responds faster and more accurately because of the real-time, automated visibility and threat verification they have into encrypted traffic. We built Braintrace’s NDR technology from the ground up for detection and now, with Sophos, it will fit into a complete system to provide cross-product detection and response across a multi-vendor ecosystem,” said Bret Laughlin, CEO and co-founder of Braintrace.

Sophos positions Braintrace's NDR technology as a critical component in protecting against current and future cyberattacks. According to Sophos research, attackers shift tactics frequently to avoid detection. Braintrace's technology detects malicious command-and-control (C2) traffic from tooling such as Cobalt Strike, BazaLoader, and TrickBot, as well as exploitation of zero-day vulnerabilities, activity that often precedes ransomware deployment. This visibility lets threat hunters and analysts get ahead of a ransomware attack of the kind recently carried out by the REvil and DarkSide groups.
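The claim above is that an NDR sensor can spot C2 traffic in encrypted sessions without decrypting them. What it actually has to work with is flow metadata: who talks to whom, on which port, how often, and how many bytes. The following added example shows one such technique, periodic-beacon detection on inter-arrival times and flow sizes. It is a generic illustration written for this page, not Braintrace's or Sophos' method, and the flow records are constructed inline.

```python
"""Beacon detection on flow metadata only (added example, no payload inspection)."""
import statistics
from collections import defaultdict

# Flow record: (timestamp_seconds, src_ip, dst_ip, dst_port, bytes_out).
# An NDR sensor sees these 5-tuple summaries even when the payload is TLS.


def group_flows(flows):
    """Key flows by (src, dst, port) so each candidate channel is scored on its own."""
    groups = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        groups[(src, dst, port)].append((ts, nbytes))
    return groups


def beacon_score(events, min_events=8):
    """Return (score in [0,1], detail) for one channel.

    Regular check-ins with little jitter and near-constant size are the classic
    implant beacon shape; interactive or browsing traffic is bursty and variable.
    """
    if len(events) < min_events:
        return 0.0, "too few flows"
    events = sorted(events)
    gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
    sizes = [n for _, n in events]
    med_gap = statistics.median(gaps)
    if med_gap <= 0:
        return 0.0, "not periodic"
    # Coefficient of variation: 0 means perfectly regular timing / constant size.
    gap_cv = statistics.pstdev(gaps) / med_gap
    size_cv = statistics.pstdev(sizes) / max(statistics.median(sizes), 1)
    # Weight timing regularity more than size regularity; clamp negatives to 0.
    score = max(0.0, 1.0 - gap_cv) * 0.7 + max(0.0, 1.0 - size_cv) * 0.3
    return round(score, 3), f"median_gap={med_gap:.1f}s gap_cv={gap_cv:.2f} size_cv={size_cv:.2f}"


def detect_beacons(flows, threshold=0.8):
    """Flag every (src, dst, port) whose beacon score reaches the threshold."""
    hits = []
    for key, events in group_flows(flows).items():
        score, detail = beacon_score(events)
        if score >= threshold:
            hits.append((key, score, detail))
    return sorted(hits)


def _make_channel(src, dst, port, gaps, sizes, start=0):
    """Build constructed flow records from a list of inter-arrival gaps and sizes."""
    flows, ts = [(start, src, dst, port, sizes[0])], start
    for gap, nbytes in zip(gaps, sizes[1:]):
        ts += gap
        flows.append((ts, src, dst, port, nbytes))
    return flows


# Constructed sample: one implant checking in every ~60s with 412-byte POSTs to a
# TEST-NET address, plus ordinary bursty HTTPS browsing from the same host.
SAMPLE_FLOWS = (
    _make_channel("10.0.0.5", "203.0.113.10", 443,
                  gaps=[60, 62, 59, 61, 60, 58, 61, 60, 62, 59, 60], sizes=[412] * 12)
    + _make_channel("10.0.0.5", "198.51.100.20", 443,
                    gaps=[3, 40, 1, 2, 120, 5, 300, 7, 1, 900],
                    sizes=[1500, 300, 9000, 120, 4500, 700, 20000, 50, 800, 3000, 15000])
)

if __name__ == "__main__":
    for key, score, detail in detect_beacons(SAMPLE_FLOWS):
        print(f"beacon candidate {key}: score={score} ({detail})")
```

The limitation is worth stating: an implant with heavy randomized sleep jitter or traffic padding will drive both coefficients of variation up and slip under a fixed threshold, which is why production NDR combines timing features with TLS fingerprints (JA3/JA3S), SNI and certificate reputation, and known-C2 intelligence rather than relying on periodicity alone.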

In the first half of 2022, Sophos plans to release Braintrace’s NDR technology for MTR and XDR.

SYNNEX Corporation Partners With Proofpoint, Adding Its Security Products to the SYNNEX Portfolio

SYNNEX Corporation, a leading provider of technology distribution, systems design, and integration services, introduced a range of Proofpoint products and services to its networking and security portfolio. Proofpoint is a leading cybersecurity and compliance firm.

“Proofpoint’s people-centric approach to cybersecurity equips partners with the tools and knowledge to help customers protect their people, data, and brand. We are thrilled to add Proofpoint to our linecard and integrate our services and expertise to deliver effective solutions that keep customers safe from cyber threats,” said Reyna Thompson, Senior Vice President, Product Management, North America, SYNNEX.

Through SYNNEX, resellers have access to Proofpoint's product line and can use its integrated suite of cloud-based solutions to help businesses around the world stop targeted cyberattacks, protect their data, and make their users more resilient to attack. The partnership extends SYNNEX's cybersecurity and compliance offerings to cover customers across all channels, including email, social media, web, cloud and mobile messaging.

“In today’s environment, a company’s most important asset – their people – can also be their biggest cybersecurity threat. We are excited to work with SYNNEX to deliver innovative security and compliance solutions to their vast network of resellers. Our comprehensive portfolio, backed by SYNNEX’ leading services and dedicated support, provides partners with the intelligence and tools to help keep their customers safe, especially as people expand how and where they work,” said Joe Sykora, SVP, Worldwide Channels and Partner Sales, Proofpoint. 

SYNNEX's pre-sales support includes consultation on opportunity qualification, bill of materials design, proof-of-concept demonstrations, and access to complimentary training. A dedicated SYNNEX Proofpoint team can assist with business development, product management and specialization, marketing, and overall business management. SYNNEX also provides financial incentives and help with renewal automation. This level of service is intended to help partners improve operational efficiency and grow their businesses.

David Swick, Senior National Account Manager, North American Distribution, Proofpoint said, “As the Proofpoint channel business continues to experience double digit growth year over year, we look forward to further evolving our already strong distribution landscape. SYNNEX offers a unique opportunity for us to access new security partners and routes to market.”

Cybersecurity startup Safe Security raises $33M

Safe Security announced that it has raised $33 million in a funding round led by London-based British Telecom (BT). Safe Security is a cyber risk management firm based in Silicon Valley; its SAFE ("Security Assessment Framework for Enterprises") platform lets businesses assess their current defenses and estimate their risk of being hit by a major cyber attack. Previous investors, including John Chambers, the former Chairman and CEO of Cisco Systems, also took part in the round.

Industry analysis estimates that the cost of global cyber crime reached over US$1 trillion in 2020, as criminals exploited seismic changes in everyday life to target both individuals and organizations of all sizes. With high-profile recent incidents impacting critical areas such as energy infrastructure and medical care, businesses and governments are under huge pressure to objectively assess how protected they are against the latest forms of cyber attack.

With the investment, BT will combine the SAFE platform with its managed security services to give clients a real-time view of how well protected they are against an ever-changing threat landscape. According to the company, SAFE is the only platform that can express a customer's cyber risk as a financial cost and provide proactive advice on how to reduce it. The technology, which is already used by a number of Fortune 500 firms and governments around the world, helps organizations target specific weaknesses in their defenses.

“Cyber security is now at the top of the agenda for businesses and governments, who need to be able to trust that they’re protected against increasing levels of attack. Adding SAFE to BT’s proactive, predictive security services will give customers an enhanced view of their threat level, and rapidly pinpoint specific actions needed to strengthen their defences. Already one of the world’s leading providers in a highly fragmented security market, this investment is a clear sign of BT’s ambition to grow further,” said Philip Jansen, Chief Executive of BT.

“We’re delighted to be working with a proven global security leader in BT. Their investment and strategic partnership with Safe Security will further accelerate our vision of making SAFE scores the industry standard for measuring and mitigating cyber risks. By aligning BT’s global reach and capabilities with SAFE’s ability to provide real-time visibility on cyber risk posture, we are going to fundamentally change how cyber security is measured and managed across the globe,” said Saket Modi, Co-founder and CEO of Safe Security.

BT will be given exclusive rights to use and market SAFE to companies and public sector organisations in the UK as part of this investment, and the platform will be integrated into its wider worldwide portfolio. BT will be identified as the preferred global partner for enhancing a customer’s SAFE score due to its experience in offering security solutions to organisations all over the world. BT will also collaborate with Safe Security on future product development.

OPSWAT Announces Acquisition of Bayshore Networks to Enhance Critical Infrastructure Protection Capabilities to OT/ICS Environments

OPSWAT, the global leader in Critical Infrastructure Protection (CIP), announced that it has acquired all assets of Bayshore Networks, the leading provider of active industrial cybersecurity protection solutions specifically designed for Operational Technology (OT) and Industrial Control Systems (ICS) environments, automation engineers, and plant operators. As part of the acquisition, OPSWAT will incorporate Bayshore Networks products and teams, extending OPSWAT’s CIP capabilities to OT/ICS environments.

From the Colonial Pipeline attack to the Florida water supply hack, there has been a substantial increase in cybersecurity and ransomware attacks on industrial infrastructure. This has raised the level of concern, since such attacks can have disastrous physical consequences. The asset acquisition advances OPSWAT's mission of protecting critical infrastructure by adding key capabilities in unidirectional and bidirectional secure data transfer for critical networks, intrusion prevention for industrial systems, and secure remote access to OT assets.

“This acquisition furthers our commitment to provide organizations worldwide with the most comprehensive critical infrastructure protection solutions available today. Over the last few months, we have hit several corporate and product milestones, including raising a $125 million round of financing, expanding our channel program to over 80 countries, and introducing our breakthrough cybersecurity kiosk for critical infrastructure protection. Today’s acquisition extends our CIP mission to operational technology and will drive continued growth and momentum at OPSWAT,” said Benny Czarny, OPSWAT founder and CEO.

“We are excited to bring two industry leaders together,” stated Kevin Senator, former CEO of Bayshore Networks and current OPSWAT Consultant. “Over the last decade, Bayshore Networks has provided state-of-the-art cybersecurity solutions for OT/ICS environments. Extending OPSWAT’s powerful platform to OT is a natural next step for both companies. Not only will we meet very specific cybersecurity demands in the industry, but the synergy between our companies will be truly extraordinary. I have no doubt that our employees and our technology will thrive at OPSWAT.”

1Password Launches Events API To Provide Real-time Data Streaming To Third-party Platforms

1Password, a leader in enterprise password management, announced the release of its Events API, a new way for security teams to gain data visibility and actionable insights. Events have always been available to administrators in the 1Password console; the new feature expands on that by allowing events to be streamed directly to Splunk and other SIEM platforms, where they can be correlated with data from other sources.

In commercial environments, the number of attacks and breaches has never been higher. While recent news cycles have focused on the most serious incidents, smaller but still harmful attacks occur daily, if not more often. Losses from cybercrime had increased sixfold by 2020. Nearly half of the organizations in the United Kingdom have experienced some type of cyber attack, with the average cost of a data breach approaching $4 million.

According to 1Password’s own research, 77 percent of DevOps and IT experts admitted to still having access to prior employers’ infrastructure, posing a significant security risk to affected firms.

1Password is used by over 80,000 businesses globally to secure passwords, confidential documents, and infrastructure secrets, protecting their employees, customers and intellectual property. This announcement is another step in establishing the company as a reliable enterprise solution for safeguarding mission-critical data. The 1Password Events API lets event data leave the platform while maintaining client privacy and data security.
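The value of piping these events into a SIEM is the detection you can build on them, for instance the "suspicious activity" KnowBe4 mentions below. The following added example, written for this page rather than taken from 1Password, pulls the cursor-paginated sign-in attempt feed and flags accounts whose failed attempts are followed by a success from an IP that has never succeeded for that account before. The endpoint URL, request body (`limit`/`start_time`, then `cursor`), response keys (`items`/`cursor`/`has_more`) and event fields (`category`, `timestamp`, `target_user.email`, `client.ip_address`) follow the public Events API documentation as I understand it; treat them as assumptions to check against the current docs. The HTTP call is injected as a `post` callable so the logic runs offline against the constructed pages below.

```python
"""Consume 1Password Events API sign-in attempts and flag spray-then-login patterns.

Added example, not 1Password's client. Endpoint and field names are assumptions.
"""
import json
from collections import defaultdict

EVENTS_URL = "https://events.1password.com/api/v1/signinattempts"  # assumed endpoint


def fetch_signin_attempts(post, token, start_time, limit=100):
    """Walk the cursor-paginated feed until the server reports has_more == false.

    `post(url, headers=..., data=...)` must return the parsed JSON body, e.g.
    lambda *a, **k: requests.post(*a, **k, timeout=30).json() in production.
    """
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    body = {"limit": limit, "start_time": start_time}  # first call: time window
    items = []
    while True:
        page = post(EVENTS_URL, headers=headers, data=json.dumps(body))
        items.extend(page.get("items", []))
        if not page.get("has_more"):
            return items
        body = {"cursor": page["cursor"]}  # subsequent calls: cursor only


def suspicious_users(attempts, max_failures=3):
    """Flag accounts with >= max_failures failures followed by a success from a new IP."""
    by_user = defaultdict(list)
    for ev in attempts:
        by_user[ev["target_user"]["email"]].append(ev)
    findings = {}
    for email, evs in by_user.items():
        evs.sort(key=lambda e: e["timestamp"])  # ISO-8601 strings sort chronologically
        failures, known_ips = 0, set()
        for ev in evs:
            ip = ev["client"]["ip_address"]
            if ev["category"] == "success":
                if failures >= max_failures and ip not in known_ips:
                    findings[email] = {"ip": ip, "failures_before": failures, "at": ev["timestamp"]}
                failures = 0
                known_ips.add(ip)
            else:                                  # credentials_failed, mfa_failed, ... (assumed names)
                failures += 1
    return findings


# ---- Constructed offline data (not real 1Password output) ------------------------

def _ev(uuid, email, category, ip, ts):
    return {"uuid": uuid, "timestamp": ts, "category": category,
            "target_user": {"email": email}, "client": {"ip_address": ip}}


SAMPLE_PAGES = {
    "first": {"has_more": True, "cursor": "c1", "items": [
        _ev("e1", "bob@corp.example", "success", "198.51.100.4", "2021-07-01T00:30:00Z"),
        _ev("e2", "alice@corp.example", "credentials_failed", "203.0.113.9", "2021-07-01T01:00:00Z"),
        _ev("e3", "alice@corp.example", "credentials_failed", "203.0.113.9", "2021-07-01T01:01:00Z"),
        _ev("e4", "alice@corp.example", "credentials_failed", "203.0.113.9", "2021-07-01T01:02:00Z"),
    ]},
    "c1": {"has_more": False, "cursor": "c2", "items": [
        _ev("e5", "alice@corp.example", "credentials_failed", "203.0.113.9", "2021-07-01T01:03:00Z"),
        _ev("e6", "alice@corp.example", "success", "203.0.113.9", "2021-07-01T01:05:00Z"),
        _ev("e7", "bob@corp.example", "credentials_failed", "198.51.100.4", "2021-07-01T02:00:00Z"),
        _ev("e8", "bob@corp.example", "success", "198.51.100.4", "2021-07-01T02:01:00Z"),
    ]},
}


def make_fake_post(pages):
    """Offline stand-in for an HTTP POST: serves pages keyed by the cursor in the body."""
    def post(url, headers=None, data=None):
        assert headers and headers.get("Authorization", "").startswith("Bearer ")
        return pages[json.loads(data).get("cursor", "first")]
    return post


if __name__ == "__main__":
    events = fetch_signin_attempts(make_fake_post(SAMPLE_PAGES), "token", "2021-07-01T00:00:00Z")
    print(len(events), "events;", suspicious_users(events))
```

In a SIEM you would persist the last cursor between runs instead of re-sending `start_time`, and you would tune `max_failures` and the "new IP" test against your own baseline, since a password manager sign-in from a fresh IP after several failures is exactly what a credential-stuffing success looks like.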

Jeff Shiner, CEO of 1Password said, “With today’s launch of the 1Password Events API, our enterprise customers are able to access far deeper information than ever before, and most importantly, that information can now be used in an actionable way through the SIEM tools already in place. This will enable administrators to prevent future attacks, and if something does happen, take fast and decisive action. We’ve managed to do all this while protecting the privacy and security of our customers.”

Brian Jack, CISO at KnowBe4 said, “We’ve been using 1Password for over 4 years and it’s been a huge asset in securing our employee passwords and other sensitive information. With over 1000 employees, understanding who is accessing and using data within 1Password is very important to us. Events API has allowed us to integrate with our SIEM and use that data to highlight suspicious activity that will help us protect against future threats, as well as enabling us to quickly react to any active insider attack, should it ever happen.”