February 20, 2019

The Benefits of a SOAR Approach to Network Security

"Automation is fast becoming the most important tool in an IT professional’s toolbox"

By CBR Staff Writer

As the sheer variety of hacks and breaches over the past 12 months has shown, any organisation can fall victim to a cyber-attack that compromises its network, writes Ross Brewer, VP & MD EMEA, LogRhythm.

When this happens, rapid incident response can be the difference between quick containment and a damaging data breach. Indeed, faced with much more stringent regulations and a growing awareness of corporate responsibility, the speed and measurability of remediation efforts have become crucial.


A big problem is that security operations teams are increasingly managing a profound shortage of skilled IT staff. This often means IT departments are being run by a small number of people, some of whom may not be adequately trained for the job at hand. At the same time, pressure is growing to adopt new technologies and budgets are shrinking, leaving security operations teams increasingly dealing with serious resource constraints. This is particularly concerning as the threat landscape becomes more and more dangerous and complex.

Traditionally, organisations have invested in numerous cyber security tools that generate thousands or tens of thousands of alarms on a daily basis. For the security team, this can be a minefield and is particularly challenging given they are frequently under-staffed.

One of the biggest challenges is that containing an attack often requires the IT team to follow lengthy runbooks with several time-intensive manual steps. It's a lot to ask them to learn and understand multiple different products, correlate the data generated by each one and decide whether the alarm raised is genuine. When time is of the essence, too few staff and a lack of automation can leave an organisation more exposed to risk.

The Rise of a SOAR Approach

Security orchestration, automation and response (SOAR), embedded in the security platform itself, has been a buzzword in the cyber security space for some time.

These capabilities are, without doubt, the next step in enterprise security. According to Gartner, SOAR is "technologies that enable organisations to collect security threats data and alerts from different sources, where incident analysis and triage can be performed using a combination of human and machine power to help define, prioritise and drive standardised incident response activities according to a standard workflow." The analyst firm predicts that by the end of 2020, 15 per cent of organisations with a security team larger than five people will leverage SOAR, up from 1 per cent today.


SOAR essentially provides security teams with customisable workflows and controls to streamline and accelerate the investigation and neutralisation of qualified cyber threats. It also automates many of the day-to-day and mundane tasks usually undertaken by security operations teams. Furthermore, by adopting case playbooks, analysts can respond and remediate within a single platform, enabling greater efficiency and efficacy when every second counts. Supporting the entire threat investigation, these efficiencies improve organisations' productivity and enable IT teams to better respond to and remediate cyber threats.

Improving Incident Response

Through clear, trackable metrics, including mean time to detect (MTTD), mean time to respond (MTTR), time to qualify (TTQ) and time to investigate (TTI), SOAR capabilities can also help analysts understand how effective their workflow is, and quickly identify and address areas for improvement across the security operations team.
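The two paragraphs above describe a playbook that stamps each stage of a case (detect, qualify, investigate, respond) and the metrics derived from those stamps. The following is an added example, not code from the article or from LogRhythm's product, showing both ends: a minimal qualify-investigate-respond playbook driven by a constructed threat-intel list, and the MTTD/TTQ/TTI/MTTR calculation over the resulting cases. The stage endpoints used for each metric are my assumptions, since the article names the metrics without defining them; the alerts, the indicator `203.0.113.7` (a TEST-NET-3 address) and the `FakeClock` are constructed so the example runs offline and deterministically. It also handles the case a real dashboard must not hide: an incident that is still open is excluded from MTTR rather than counted as zero, and reported separately.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional

# Stage endpoints assumed for this example (the article names the metrics but
# does not define them); all values are in hours:
#   TTD = detected_at     - occurred_at      how long the attacker went unnoticed
#   TTQ = qualified_at    - detected_at      alarm raised -> confirmed genuine
#   TTI = investigated_at - qualified_at     confirmed -> scope understood
#   TTR = contained_at    - detected_at      alarm raised -> threat neutralised

@dataclass
class Incident:
    case_id: str
    occurred_at: datetime
    detected_at: datetime
    qualified_at: Optional[datetime] = None
    investigated_at: Optional[datetime] = None
    contained_at: Optional[datetime] = None

def _hours(later: datetime, earlier: datetime) -> float:
    return (later - earlier).total_seconds() / 3600

def soc_metrics(cases: list) -> dict:
    """Mean time per stage over the cases that have reached that stage.
    Open cases are excluded from MTTR rather than counted as zero, and the
    count of open cases is reported so the gap is visible on the dashboard."""
    ttd = [_hours(c.detected_at, c.occurred_at) for c in cases]
    ttq = [_hours(c.qualified_at, c.detected_at) for c in cases if c.qualified_at]
    tti = [_hours(c.investigated_at, c.qualified_at)
           for c in cases if c.qualified_at and c.investigated_at]
    ttr = [_hours(c.contained_at, c.detected_at) for c in cases if c.contained_at]
    return {
        "MTTD": mean(ttd) if ttd else None,
        "TTQ": mean(ttq) if ttq else None,
        "TTI": mean(tti) if tti else None,
        "MTTR": mean(ttr) if ttr else None,
        "open": sum(1 for c in cases if c.contained_at is None),
    }

# Constructed threat-intel feed (TEST-NET-3 address, not a real indicator).
KNOWN_BAD_IPS = {"203.0.113.7"}
BLOCKLIST: set = set()  # stands in for the firewall / EDR block action

class FakeClock:
    """Deterministic clock: each call returns the current time, then advances."""
    def __init__(self, start, step_minutes):
        self.now, self.step = start, timedelta(minutes=step_minutes)
    def __call__(self):
        t = self.now
        self.now += self.step
        return t

def run_playbook(alert: dict, clock) -> tuple:
    """Qualify -> investigate -> respond for one alarm, stamping each stage.
    A false positive is closed without a case so it does not distort MTTR."""
    case = Incident(alert["id"], alert["occurred_at"], detected_at=clock())
    # 1. Qualify: enrich the source address against threat intel.
    if alert["src_ip"] not in KNOWN_BAD_IPS:
        return None, "false_positive"
    case.qualified_at = clock()
    # 2. Investigate: scope the case by gathering related events.
    related = [e for e in alert["events"] if e["src_ip"] == alert["src_ip"]]
    case.investigated_at = clock()
    # 3. Respond: automated containment, then close the case.
    BLOCKLIST.add(alert["src_ip"])
    case.contained_at = clock()
    return case, f"contained ({len(related)} related events)"

def demo() -> tuple:
    clock = FakeClock(datetime(2019, 2, 20, 9, 0), step_minutes=15)
    alerts = [  # constructed alarms
        {"id": "CASE-1", "src_ip": "203.0.113.7",
         "occurred_at": datetime(2019, 2, 20, 7, 0),
         "events": [{"src_ip": "203.0.113.7", "dst_port": 445},
                    {"src_ip": "203.0.113.7", "dst_port": 3389},
                    {"src_ip": "10.0.0.5", "dst_port": 443}]},
        {"id": "CASE-2", "src_ip": "198.51.100.10",
         "occurred_at": datetime(2019, 2, 20, 9, 30), "events": []},
    ]
    cases, outcomes = [], []
    for alert in alerts:
        case, outcome = run_playbook(alert, clock)
        outcomes.append(outcome)
        if case:
            cases.append(case)
    # A qualified case an analyst is still working on (no containment yet).
    cases.append(Incident("CASE-3", datetime(2019, 2, 19, 22, 0),
                          datetime(2019, 2, 20, 8, 0),
                          qualified_at=datetime(2019, 2, 20, 8, 30)))
    return soc_metrics(cases), sorted(BLOCKLIST), outcomes

if __name__ == "__main__":
    print(demo())
```

Running `demo()` gives MTTD 6.0 h (CASE-1 went unnoticed for 2 h, CASE-3 for 10 h), TTQ 0.375 h, TTI 0.25 h, MTTR 0.75 h with one case still open, and the blocklist holds only the qualified indicator. The point worth taking from this is that the metric is only as honest as the stage stamps: if the playbook stamped `contained_at` when it merely queued a block action, MTTR would look better than reality.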

These performance metrics also enable security leaders to prove and quantify the overall business value driven by their teams and, if needed, can be vital as evidence for any regulatory body that may require them.

What’s more, SOAR can help reduce paperwork and improve reporting capabilities. Many security operations teams are tasked with a significant amount of admin-based jobs, whether it’s writing up reports or documenting security procedures.

However, by aggregating intelligence from numerous sources and displaying it on a visual dashboard, SOAR removes much of the need for these tasks to be done by hand. In addition, it helps teams avoid forgetting important tasks or updates, something that can easily happen in the busy, fast-moving environment that a security operations team works in. The technology essentially helps them work smarter as opposed to harder.

Whilst the automation of SOAR can generate quick returns, it’s worth noting that it does require upfront investment so buy-in, collaboration and cooperation from the broader IT organisation is key. SOAR automates responses across the entire IT organisation so it’s important that IT teams outside of the security operations team are also on board.

Ultimately, SOAR helps businesses and security operations teams optimise their ability to detect and respond to threats faster, quantify key performance indicators like MTTD and MTTR, and reduce their day-to-day workload through improved intelligence and reporting, streamlined workflows and playbooks for automated response actions. Undoubtedly, automation is fast becoming the most important tool in an IT professional's toolbox. Today's threat landscape is constantly evolving, sophisticated and complex, and security operations teams are finding it increasingly difficult to keep up. SOAR removes much of the manual, menial work, enabling teams to focus on the tasks that need human judgement.
