
Efficient incident response with SOAR

A Security Operations Center (SOC) in an enterprise handles a massive number of alerts daily. Responding to these alerts manually is time-consuming and makes it difficult for analysts to focus on high-priority tasks. SOC teams need a solution that eases the team’s workload, increases operational efficiency, reduces costly repetition, and raises productivity.

Security orchestration, automation, and response (SOAR) platforms collect inputs like alerts from the SIEM system and other security technologies, then perform incident analysis and triage through a combination of human and machine power.

With the help of SOAR tools, an organization can define incident analysis and response processes in digital workflows. Their network and security analysts can gather information about threats from various unrelated sources and use machine learning to automate responses to low-level threats.

Orchestration and automation in SOAR

SOAR enables organizations to collect data about security threats and respond to security events without human assistance. It collects the required data through data pipelines and through network security and management tool suites such as SIEMs, firewalls, and threat intelligence APIs. SOAR platforms then coordinate security actions across multiple tool suites to support incident management processes and workflows.

SOAR platforms offer better alert management through workflow and collaboration, ticket and case management, orchestration and automation, and threat intelligence management.

The workflow-and-collaboration engine initially requires documenting workflows or processes, but once configured it helps security teams apply detailed workflows consistently. These workflows are organized and standardized so that every required professional, including SOC analysts, IT analysts, and quality assurance staff, is handed their part at the appropriate time with the appropriate context.

Ticket and case management determines how well a SOAR platform can handle incident cases; it gives security teams security incident response platform (SIRP) functionality to track cases, document processes, manage knowledge, and report compliance issues. The case-management system supports the other engines by making information and processes available to them, and every part of the platform benefits from the case-relevant information it accumulates.

Orchestration and automation bring greater efficiency and value to security teams and other users. SOAR platforms connect to other technologies, such as SIEMs or firewalls, in order to orchestrate them. Once connected, they automate security tasks within the various tools on the network, or add a layer of abstraction through which security professionals interact with the SOAR platform for better incident response.

Threat-intelligence management uses machine-readable threat-intelligence feeds for aggregation, deduplication, and distribution. SOAR’s connectivity is again a force multiplier: because the platform is connected to other security tools, threat intelligence can be rapidly pushed downstream to a SIEM or firewall.
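The aggregation, deduplication and distribution step described above, as an added Python example that is not part of the original article. The two feeds (`FEED_A`, `FEED_B`), their indicator values and confidence scores are constructed samples, and the SIEM lookup and firewall blocklist formats are assumptions rather than any product’s own format.

```python
import csv
import io
import ipaddress
import json

# Constructed feed A: JSON records, as a commercial feed might deliver them.
FEED_A = json.dumps([
    {"indicator": "203.0.113.10", "type": "ipv4", "confidence": 80},
    {"indicator": "Evil.example", "type": "domain", "confidence": 60},
    {"indicator": "203.0.113.10", "type": "ipv4", "confidence": 70},  # duplicate within the feed
])

# Constructed feed B: plain text, one indicator per line, '#' comments, no confidence.
FEED_B = """# community blocklist (constructed sample)
203.0.113.10
198.51.100.7
bad-cdn.example
"""

def parse_feed_a(raw):
    """Yield (type, value, source, confidence) tuples from the JSON feed."""
    for rec in json.loads(raw):
        yield rec["type"], rec["indicator"].lower(), "feed_a", int(rec["confidence"])

def classify(value):
    """Untyped feeds need a type guess so that IPs and domains never collide."""
    try:
        return "ipv4" if ipaddress.ip_address(value).version == 4 else "ipv6"
    except ValueError:
        return "domain"

def parse_feed_b(raw, default_confidence=50):
    """Yield tuples from the text feed; it carries no confidence, so assume a floor."""
    for line in raw.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield classify(line), line.lower(), "feed_b", default_confidence

def aggregate(*parsers):
    """Merge parsed feeds keyed on (type, value): duplicates collapse into one
    entry that keeps every source and the highest confidence seen."""
    merged = {}
    for parser in parsers:
        for ioc_type, value, source, conf in parser:
            entry = merged.setdefault((ioc_type, value), {
                "type": ioc_type, "value": value, "sources": set(), "confidence": 0})
            entry["sources"].add(source)
            entry["confidence"] = max(entry["confidence"], conf)
    return merged

def to_siem_lookup(merged):
    """Distribution format for a SIEM: a CSV lookup table (assumed layout)."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["type", "value", "confidence", "sources"])
    for e in sorted(merged.values(), key=lambda e: (e["type"], e["value"])):
        writer.writerow([e["type"], e["value"], e["confidence"],
                         ";".join(sorted(e["sources"]))])
    return out.getvalue()

def to_firewall_blocklist(merged, min_confidence=60):
    """Distribution format for a firewall: only IPs above a confidence floor,
    so a single low-confidence feed cannot block traffic on its own."""
    return sorted(e["value"] for e in merged.values()
                  if e["type"] in ("ipv4", "ipv6") and e["confidence"] >= min_confidence)
```

Running `aggregate(parse_feed_a(FEED_A), parse_feed_b(FEED_B))` yields four unique indicators; `203.0.113.10` is reported once with both sources and confidence 80, and it is the only address that clears the firewall threshold.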

Benefits of SOAR

A SOAR platform offers a number of benefits and can enhance the incident response capabilities of organizations of all sizes. SOAR tools automatically execute repetitive tasks and improve incident response through seamless tool integration and data reporting. The main benefits of SOAR include:

  • Reduced Manual Operations

SOAR enables SOC teams to work faster by automating repetitive tasks, which allows analysts to focus on higher-value work. SOAR tools let teams of all sizes handle security processes and incident response in a timely manner.

  • Speed up Incident Response

On average, a breach goes undetected for 228 days, which gives threat actors ample time to harm critical data. Timely remediation of these threats is crucial for the safety of organizations. SOAR provides security automation and incident response playbooks for building workflows that need little human intervention, letting SOC teams promptly suspend user accounts, quarantine infected endpoints, and block specific IP addresses.

  • Mitigate Alert Fatigue

SOAR tools also help reduce alert fatigue, since SOC teams encounter more than a thousand security alerts per day. With custom dashboards and AI-enhanced detection and remediation, SecOps analysts can spend more time investigating threats in order of importance rather than sifting through a sea of alerts.

  • Integrate Siloed Tools

A SOAR platform integrates a variety of security tools to meet an organization’s unique needs. It offers straightforward integrations for cloud security, email security, IT and infrastructure, SIEM and log management, threat intelligence, and identity and access management.

  • Easier SOC Reporting

SOC teams gain access to automatic, reliable reporting, both through easy-to-configure templates and through custom reports. SOC reporting speeds up the incident response process by letting teams view all relevant data about potential breaches as they occur. With SOAR tools, analysts can schedule automatic reports or pull on-demand reports in seconds.
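The playbook-driven triage and response that the benefits above describe (enrich each SIEM alert with threat intelligence, deduplicate alert storms, auto-contain low-level threats, escalate the rest to a case), as an added Python example that is not part of the original article. The SIEM alerts, the `THREAT_INTEL` table and the `block_ip`, `quarantine_host` and `suspend_user` actions are constructed stand-ins that only record what they would do; they are not any vendor’s API.

```python
import json
from dataclasses import dataclass, field

# Constructed SIEM alerts, one JSON object per line (addresses from TEST-NET ranges).
SIEM_ALERTS = """
{"id": "A-1", "rule": "Outbound to known C2", "src_host": "ws-042", "dst_ip": "203.0.113.10", "user": "jdoe", "severity": "medium"}
{"id": "A-2", "rule": "Brute force login", "src_host": "vpn-gw", "dst_ip": "198.51.100.7", "user": "svc-backup", "severity": "low"}
{"id": "A-3", "rule": "Ransomware behaviour", "src_host": "fs-01", "dst_ip": "", "user": "m.lee", "severity": "critical"}
{"id": "A-4", "rule": "Outbound to known C2", "src_host": "ws-042", "dst_ip": "203.0.113.10", "user": "jdoe", "severity": "medium"}
{"id": "A-5", "rule": "Port scan", "src_host": "ws-017", "dst_ip": "192.0.2.9", "user": "", "severity": "low"}
"""

# Constructed threat-intel lookup: indicator -> confidence (0-100).
THREAT_INTEL = {"203.0.113.10": 85, "198.51.100.7": 40}

@dataclass
class Playbook:
    actions: list = field(default_factory=list)  # what the stand-in integrations did
    cases: list = field(default_factory=list)    # work handed to analysts
    seen: set = field(default_factory=set)       # dedup keys for alert storms

    def act(self, action, target):
        """Stand-in integration (assumption): a real SOAR platform would call the
        firewall, EDR or identity-provider API here and record its result."""
        self.actions.append((action, target))

    def open_case(self, alert, reason):
        self.cases.append({"alert": alert["id"], "reason": reason,
                           "ti_confidence": alert["ti_confidence"]})
        return "escalated"

    def enrich(self, alert):
        """Enrichment: attach threat-intel context to the raw SIEM alert."""
        return {**alert, "ti_confidence": THREAT_INTEL.get(alert["dst_ip"], 0)}

    def handle(self, alert):
        """Return the disposition of one alert after applying the playbook tiers."""
        key = (alert["rule"], alert["src_host"], alert["dst_ip"])
        if key in self.seen:  # same rule/host/destination already handled
            return "deduplicated"
        self.seen.add(key)
        a = self.enrich(alert)
        if a["severity"] == "critical":
            # Contain immediately, but never auto-close: an analyst reviews it.
            self.act("quarantine_host", a["src_host"])
            self.act("suspend_user", a["user"])
            return self.open_case(a, "critical alert, contained pending review")
        if a["ti_confidence"] >= 70:
            # Corroborated by high-confidence intel: block, isolate, then escalate.
            self.act("block_ip", a["dst_ip"])
            self.act("quarantine_host", a["src_host"])
            return self.open_case(a, "high-confidence indicator match")
        if a["severity"] == "low":
            if a["ti_confidence"] > 0:
                self.act("block_ip", a["dst_ip"])  # low-level threat: automated response only
                return "auto-contained"
            return "closed"  # low severity, no corroboration: suppress as noise
        return self.open_case(a, "needs analyst triage")

def run_playbook(raw=SIEM_ALERTS):
    """Run every alert through the playbook; return the runner and the dispositions."""
    pb = Playbook()
    results = {}
    for line in raw.splitlines():
        if line.strip():
            alert = json.loads(line)
            results[alert["id"]] = pb.handle(alert)
    return pb, results
```

With the constructed input, only two of the five alerts reach an analyst: A-1 (contained first) and A-3, while A-2 is blocked automatically, A-4 is recognised as a repeat of A-1, and A-5 is closed as noise.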

Enable your SOC Team with SOAR

In today’s volatile and sophisticated environment, SOC teams require practical tools to tackle the abundance of incoming threats and security alerts. Security analysts can add SOAR tools to their toolkits to decrease workloads, respond to incidents faster, and automate alert triage, investigation, and response. A SOAR platform can be customized to fit an organization’s particular people, security procedures, and technology. Security teams can then apply their expertise to countering advanced threats and handle alerts quickly without taking on additional workload.

Palo Alto Networks Cortex XMDR Specialization Strengthens Customers’ Security Operations

Palo Alto Networks announced the launch of its Cortex eXtended Managed Detection and Response (XMDR) Partner Specialization, which will assist customers in detecting, investigating, and responding to cyberthreats across endpoint, network, and cloud assets.

The Cortex XMDR Specialization will enable MSSP partners to combine Cortex XDR with their managed services offerings, helping customers around the world streamline security operations centre (SOC) operations and rapidly mitigate cyberthreats, building on demand for Palo Alto Networks’ pioneering Cortex XDR 3.0 extended detection and response solution.

“Securing an enterprise is a massive undertaking. Organizations recognize the need for effective detection and response across the network, endpoint and cloud but often need help managing their deployment. The Cortex XMDR Specialization will give customers peace of mind that the services they are choosing will mitigate security gaps and alleviate churn to allow security teams to focus on the most critical threats,” said Karl Soderland, senior vice president, Worldwide Channel Sales at Palo Alto Networks.

“PwC is thrilled to have the opportunity to further expand our strong alliance with Palo Alto Networks through the delivery of best-in-class managed security services for our high value, joint customers. The Managed Cyber Defence service fuses the power of PwC’s global threat intelligence, thousands of hours of incident response expertise, and advisory services with Cortex XDR and XSOAR,” said Colin Slater, Partner at PwC UK.

“We are excited to partner with Palo Alto Networks to help transform the MDR space together. As a Cortex XMDR Specialization partner we combine the power of best in class Cortex XDR with our MicroSOC services to relieve the day-to-day burden of security operations for customers with 24/7 coverage. Cortex XDR’s integration of endpoint, network, cloud and third-party data enables us to enhance the service that we provide to our customers as our analysts have visibility across an enterprise’s entire infrastructure and can more quickly focus on real threats,” said Laurent Lemaire, Chief Business Officer, Orange Cyberdefense.

“As a Cortex XMDR specialization partner, we are thrilled to be part of this launch. The powerful analytics and automation that Cortex XDR provides, combined with the cloud-native Trustwave Fusion platform, significantly enhances the capabilities of our detection, hunting and response teams to pinpoint anomalies quickly, provide deeper investigations, or if necessary, immediately eradicate the threat,” said Spencer Ingram, Senior Vice President of Operations, Trustwave.

“Cloud-delivered services on the Cortex platform allow us to reduce the time to deploy and configure our offerings while streamlining operations to focus on securing customers’ critical assets. As a Cortex XMDR Specialization partner, CRITICALSTART has the ability to provide our customers monitoring, analysis and coordinated response across network, endpoint and cloud environments, for a comprehensive view of an attack,” said Randy Watkins, Chief Technology Officer, CRITICALSTART.

LogPoint to acquire SecBI, bringing native SOAR and XDR solutions to the company

LogPoint, a worldwide cybersecurity innovator, has announced the acquisition of SecBI, a disruptor in automated cyber threat detection and response based in Tel Aviv. LogPoint’s capabilities will be enhanced by the addition of playbook-based automation that improves cyber threat detection and response. SecBI’s universal SOAR and XDR platform will integrate seamlessly with LogPoint, supporting the company’s objective of transforming clients’ cyber resiliency through innovation by simplifying the complex work of security operations.

“Combining SecBI with LogPoint SIEM and UEBA will immediately drive tremendous value to our current and future customers. As organizations large and small face the most critical cyber threats, security teams need solutions that will help them be more effective and efficient in protecting their organization. This integration will allow customers to quickly launch automated notifications and security remediations using our full-native SOAR capabilities. This is a major step forward in delivering our XDR-enabled operations platform giving our partners and customers one of the most innovative, intuitive, and proven solutions available,” said Jesper Zerlang, LogPoint CEO.

LogPoint will continue to move toward overcoming the complex cybersecurity concerns that SOCs confront today with the quick integration of SecBI SOAR and XDR technology. Clients will be able to remove false positives and automate incident response as a result of the acquisition. These comprehensive, complementary platforms will work together to automate repetitive tasks, coordinate threat remediation workflows, and autonomously analyze, prioritize, and execute playbooks, allowing analysts to focus on genuine threats and better secure enterprises.

“We are excited to join LogPoint and integrate seamlessly to further extend the company’s foundational cybersecurity solution. With the inclusion of the SecBI technology, LogPoint takes automation to the next level to address the challenges organizations and cybersecurity analysts are facing in responding rapidly to an exponentially rising number of incidents,” said Gilad Peleg, SecBI CEO.

“The combination of LogPoint technology with SecBI XDR and SOAR, creates an end-to-end cybersecurity powerhouse that has exactly the right combination of technology, human capital, and growth potential. Merging Israeli cybersecurity expertise into the international LogPoint organization entails a huge potential for customers across the globe. We look forward to working with Jesper and his team to build a category leader,” said Yoav Tzruya, General Partner at Jerusalem Venture Partners.

First Health Advisory and Nuvolo formed an OT Security Risk Management Partnership

Nuvolo and First Health Advisory launched an industry-first suite of operational technology (OT) security risk management services to secure network-connected medical and facilities systems.

External cyberattacks are increasingly targeting network-connected medical equipment (OT) as well as facilities systems, including heating, ventilation, and air conditioning (HVAC) controllers. This partnership addresses these security issues by merging First Health Advisory’s comprehensive OT security mitigation services with Nuvolo’s OT security orchestration and automated response (SOAR). The new offering integrates Nuvolo’s single, trusted medical and facilities device inventory system and common data model with industry-leading OT security monitoring and discovery tools.

“Our strategic partnership with Nuvolo is an important step forward in meeting the OT security needs of the healthcare community we serve. By combining the capabilities of Nuvolo with First Health’s OT security risk management services, we will address crucial resource gaps and deliver on our mission to serve the security, privacy and OT orchestration needs of our clients,” said Carter Groome, CEO, First Health Advisory.

The combined risk management services and Nuvolo solution capabilities will minimise HTM teams’ workloads, provide stakeholders with up-to-date statuses, and help ensure that OT devices remain safe, accessible, and available at all times.

“Protection of operational technology (OT), including network connected medical and facilities devices, is mandatory for healthcare providers, OEMs and independent service organizations (ISOs). With a growing and pervasive cyber threat, OT security is now a prerequisite for ensuring patient and environmental safety. For the first time, mature solutions are available to deliver OT device discovery together with security orchestration and automated response (SOAR), coupled with expert resources to deliver on remediation and risk mitigation. Nuvolo, in partnership with First Health Advisory (FHA) can deliver expert visibility, advice, planning and remediation for OT security, on demand. This important partnership is a core tenet of our go-to-market strategy for OT security globally. We are excited to lead the market with FHA, serve the community and help address a growing cyber security threat facing our healthcare customers,” said Tom Stanford, CEO of Nuvolo.

Rapid7 acquired Threat Intelligence specialist IntSights

Rapid7, a leading security analytics and automation company, announced the acquisition of IntSights Cyber Intelligence Ltd., a leader in contextualized external threat intelligence and proactive threat remediation. Rapid7 will pay around $335 million in cash and stock for IntSights.

Rapid7 will merge its community-infused threat intelligence and deep understanding of customer environments with IntSights’ external threat intelligence capabilities following the acquisition of IntSights. This combination is aimed at giving clients a unified view of threats, relevant insights, attack surface monitoring and proactive threat mitigation for businesses of any size or security maturity level. Rapid7’s industry-leading cloud-native extended detection and response (XDR) service, InsightIDR, is enhanced by this purchase, which enables high-quality, high-fidelity alerts for efficient security operations, early threat identification, and faster response times.

IntSights enables enterprises to get the full benefits of a threat intelligence program, regardless of its extent or sophistication, while also decreasing security professionals’ burden. Unlike many other threat intelligence systems on the market today, IntSights can help security operations teams achieve the productivity and outcomes they need by providing continuous coverage for external threats, from detection to mitigation to remediation.

Rapid7’s Insight Platform is one of the most comprehensive security operations platforms available today, with leading capabilities in detection and response, vulnerability management, cloud security, application security, and security orchestration and automation. In addition to improving its XDR service and providing a standalone threat intelligence offering, the company plans to integrate IntSights’ external threat intelligence capabilities into its platform to enable faster threat detection and remediation across its complete solution offering. Foros acted as financial advisor to Rapid7.

“Cyber security is a lopsided battle today and the odds consistently favor attackers. Both IntSights and Rapid7 have a shared belief that organizations will succeed only when they have a unified view of internal and external threats, complete with contextualized intelligence and automated threat mitigation which will allow security teams to focus on the most critical threats. We look forward to working with IntSights to make this vision a reality for our customers,” said Corey Thomas, chairman and CEO, Rapid7.

“There’s no shortage of threat intelligence information available today, but much of it lacks context, creating too much alert noise and additional work for already overburdened security teams. By integrating IntSights’ external threat intelligence capabilities into Rapid7’s XDR solution, InsightIDR, we expect to provide security teams with expanded visibility and detections of internal and external threats across their traditional and modern environments—enabling them to quickly pivot into investigations, threat hunting and containment automation all within a unified experience,” said Richard Perkett, senior vice president of detection and response at Rapid7.

“We founded IntSights to make threat intelligence instantly accessible and actionable for organizations of any type or size. We are excited to join Rapid7 to continue this mission and to bring our threat intelligence capabilities to even more customers,” said Guy Nizan, co-founder and CEO at IntSights.

“With today’s sprawling attack surface and the sophistication level of threat actors, I can’t overstate the importance of a solid threat intelligence program. Threats can come from anywhere, which is why having visibility into your internal and external threat landscape is imperative. With the acquisition of IntSights, Rapid7 is well positioned to bridge the threat intelligence gap, giving customers the ability to identify real threats earlier and accelerate response and automate remediation,” commented Jon Oltsik, senior principal analyst and fellow at the Enterprise Strategy Group (ESG).

Securonix, a Cybersecurity firm, has formed a Strategic Partnership with Alonos to Invest in Global Leadership Development

Securonix, Inc., a leader in Next-Gen SIEM, announced a new investment in its team’s development through a collaboration with consulting company Alonos® to deploy the “Leadership & Executive Accelerated Development Program – L.E.A.D. Core.” With this investment, Securonix is boosting the skills and knowledge of its leaders around the world across a wide range of areas within the organization, including Sales, Marketing, Product Development and Management, Customer Success, Cloud Infrastructure, Architecture, Content and Threat, Quality Assurance, and Corporate Functions.

“Securonix has reached a critical point in our growth as we expand globally at an unprecedented rate. As we scale, our CEO, Sachin Nayyar, is very committed to people growth. When you invest in people who lead other people, there’s an immediate multiplier effect. To reach our expansion goals, we are deploying high end leadership development through the L.E.A.D. Program and building the muscle that will propel us forward,” said Dilshan Ratnayake, Executive Vice President & Chief People Officer, Securonix.

Securonix developed a three-month L.E.A.D. Core Program in collaboration with Alonos’ doctoral-level leadership training practitioners to establish and refine core capabilities. Building high-performing teams, communication, feedback, and coaching, performance management, driving team commitment, delivering and measuring results, understanding leadership styles, leadership decision-making, and harnessing the power of a diverse and inclusive workforce are just a few of the topics covered.

To graduate from the program’s Core level, executives had to complete various learning modules, actively participate in group discussions, attain minimum scores on weekly knowledge examinations, and present an application-based capstone case analysis. Because this required a high degree of commitment and engagement, graduates received a validated digital micro-credential through Alonos.

“Investments like these are like oxygen to an organization. If you want to multiply a company’s capabilities, leadership development is a critical component of that growth,” said Ratnayake.

Security Orchestration, Automation and Response (SOAR) – Everything you need to know

Security Orchestration, Automation and Response (SOAR) is a system that collects data about security threats through integrated software solutions and uses automation and machine learning to analyze and respond to those threats, assisting human analysts.

The three factors of SOAR are:

Security Orchestration – This is the process of integrating various technology solutions, both security-related and non-security-related, so that they work together in a way that facilitates collaboration. These different tools gather information from multiple sources into a centralized system, which increases accuracy and makes the system more secure.

Automation – This concept empowers technical tools, with the help of machine learning, to perform security operations tasks without human assistance. It saves security analysts time by automating basic, routine tasks, freeing them for more creative and challenging work. Automation is not a replacement for human analysts.

Response – Once a threat is identified, ‘Security Response’ offers security analysts a single centralized overview for tracking, planning, handling, and reporting measures taken. SOAR tools cover post-incident events including case management modules. These modules aid in the communication of lessons learned and the delivery of faster proactive response time to potential attacks.

SOAR vs. SIEM – SOAR and SIEM (Security Information and Event Management) are not the same, even though both gather data from multiple sources, spot anomalies, and generate alerts. SOAR systems add automation that provides automated responses to attacks, while SIEM systems only generate alerts that notify security analysts of a potential incident.

Benefits of SOAR for Organizations

1) Security Teams – Staffing shortages are a frequent occurrence in an enterprise’s Security Operations Center. Ensuring that an organization has the requisite personnel and makes optimum use of them is a delicate balancing act. SOAR addresses this problem by enhancing the process, applying the required degree of automation and orchestration, and ensuring a reliable, defensive response to threats that protects the organization’s sensitive information. This includes automating repetitive tasks and providing structured incident handling responses. It also gives the company access to industry-leading machine learning algorithms, allowing it to react even faster to security incidents as they occur.

2) SOAR’s scalability and customization – Default integrations are available with every SOAR solution, but some companies’ security applications will not support them. A SOAR solution therefore has to be customizable enough to build integrations from both sides as the customer’s needs require. An effective SOAR solution is flexible and customizable enough to work on top of various security tools.

3) Vendors – Normally, companies rely on a single vendor’s solution or software to manage the security operations center, and even when a company uses more vendors, complexity follows. SOAR integrates a variety of security solutions into a centralized orchestration system that can be implemented in any cloud-based environment. A SOAR solution can carry out the responses of teams such as the SOC (Security Operations Center) and the CSIRT (Computer Security Incident Response Team). SOAR gives a centralized overview and control across the enterprise. This integration streamlines security operations procedures through case management and incident lifecycle handling, extends the life of existing resources, and maximizes the return on investment.

4) Data Enrichment – Data collected from a single piece of software is useful, but limited. SOAR tools overcome this limitation by combining multiple software solutions. This is a huge advantage, since the security data collected is rich and keeps an enterprise’s security system up to date and robust.

Security Orchestration, Automation and Response (SOAR), a category introduced by one of the leading research firms, is still in the initial phase of market development. As innovation continues and the market evolves, SOAR solutions will be adopted by many organizations.