Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 31 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

SOAR vs. Security Operations: What’s Really Going On?

by The Gurus
November 11, 2019
in Featured, Guru's Picks, Opinions & Analysis
Cyber security tools protection
Share on FacebookShare on Twitter

Written by John Czupak, CEO, ThreatQuotient

There’s something big brewing in the world of security operations, but what exactly is it? We are regularly inundated with various descriptions of useful tools and capabilities (think Security Orchestration, Automation and Response (SOAR), Threat Intelligence Platforms (TIPs), Security Incident Response (SIR), Hunting and more).

Unfortunately, many of us are equally confused about the fundamental capabilities of these technologies, and more pointedly, what problems they aim to solve. Perhaps we need to refresh the way we look at this space – turn it upside down a bit and start from a different perspective.

What problems are we trying to solve in today’s Security Operations Centre (SOC)?

If you get right to the point, there are many inefficiencies in processes, which result in delayed detection and response times. There are of course many contributing factors, including but not limited to: teams working in silos; applications and data that are not integrated; alert overload and fatigue as well as staff and talent shortages. The industry response has been to add more tools such as IR/ticketing systems, orchestration and automation and TIPs. In fact, if you look back at Gartner’s earliest definition of SOAR, it fundamentally aligns with these technology stacks.

So, what’s different today? The conversation has clearly shifted to a discussion around the specific problem (i.e. – use cases) coupled with the way technology can help. This concept of a use case approach makes a lot of sense as it focuses the discussion on the problem at hand vs. attempting to shoehorn a “silver bullet” technology for every situation. Some of the more common use cases we see include things such as:

Incident Response: an organised approach to the process by which an organisation handles the aftermath of a cyberattack or data breach with the goal of limiting damage and reducing recovery time and cost.

Threat Hunting: the practice of proactively and iteratively searching for abnormal activity within networks and systems for signs of compromise.

Threat Intelligence Management: the practice of aggregating, analysing, enriching and de-duplicating internal and external threat data in order to understand threats to your environment.

Alert Triage: the process of efficiently and accurately going through alerts and investigating them to determine the severity of the threat and whether or not the alert should be escalated to incident response.

Vulnerability Management: the practice of continuously discovering, classifying, prioritising and responding to software, hardware and network vulnerabilities.

Spear phishing: the practice of sending fraudulent emails that targets specific individual(s) or organization for the purpose of gaining unauthorized access to confidential information.

Investigations & Collaboration: The industry’s first cybersecurity situation room designed for collaborative threat analysis, shared understanding and coordinated response.

A shift in conversation: The emergence of new technology requirements

In Gartner’s latest SOAR Market Guide, published on 27th June 2019, the evolution of SOAR moves towards what we have believed all along – the need for a “full featured” security operations solution designed to support multiple activities for security operations (e.g. – prioritising activities, formalising triage and IR, automating response, enabling investigations, facilitating collaboration and more). This can simply be interpreted as a platform designed for multiple users and use cases.

While SOAR used to mean simply orchestration to many, and TIPs were solely used for threat intelligence programs and SIRs were used for incident response, the definitions and use of these technologies is clearly evolving rapidly. The market needs a security operations platform to improve efficiencies and effectiveness of the SOC.

FacebookTweetLinkedIn
Share2TweetShare
Previous Post

How To Effectively Manage Cyber Threats On Critical Infrastructure.

Next Post

Over Two Thirds Of British Companies Feel Cybersecurity Concerns Prevent Them From Adopting New Technology.

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information