Improving Efficiency of Security Incident Response Using SOAR
Managing IT is a complicated task. The complexity arises from the need to combine products from many different vendors to meet ever-evolving business requirements. Managing security is at least as complex, if not more so, because the Internet has enabled many different technology paradigms for meeting those requirements. The increasing complexity of IT, coupled with the ever-increasing use of the Internet, has resulted in a spate of new threats. This makes the security manager's role more difficult, as managers now need to coordinate multiple technologies and varied security products. To combat growing threats, organizations have invested in multiple security solutions, such as security information and event management (SIEM) systems, user and entity behavior analytics (UEBA), threat intelligence platforms, incident response platforms and intrusion detection and prevention systems (IDPS). These solutions help the organization combat security incidents more effectively and, at times, act proactively against them, which improves the organization's security posture. However, they also generate more alerts for security personnel to investigate, which is time consuming and may delay the response. With the introduction of the EU General Data Protection Regulation (GDPR) and similar compliance requirements, a delayed response is becoming untenable.
The challenge faced by security managers is how to integrate all these tools, people and processes to enable the common objective of providing protection for information assets. Security orchestration, automation and response (SOAR) is a term used to describe the integration of different technologies used for effective security.
SOAR technologies enable organizations to collect and aggregate vast amounts of security data and alerts from a wide range of sources. This assists human and machine-led analysis. It enables standardization and automation of threat detection and remediation. SOAR technologies help organizations as follows:
- Speeds the response to security events—SOAR tools speed up response time by integrating all the tools in the security operations center’s (SOC) arsenal, including threat intelligence sources both internal and external to the organization. Instead of using a dozen or more different tools, security personnel can refer to one data source to get all relevant information and indicators of compromise very quickly.
- Simplifies the investigation process—In many cases, SOAR tools can investigate low-level alarms and escalate only important ones to security personnel. Also, they provide a consolidated view that makes it easier to correlate alarms from different tools and determine root cause.
- Minimizes the damage from attacks—Automation capabilities may help initiate action such as blocking an IP address or isolating a compromised system or endpoint, which can help to minimize damage and provide important information about the attack faster.
- Reduces time spent reacting to false positives—False positive alarms require unnecessary effort and waste security personnel’s time, reducing their productivity. SOAR helps reduce false alarms.
- Improves the efficiency and effectiveness of IT and security operations—SOAR integrates cybersecurity and IT operations so that they work together and share a comprehensive view of the environment.
- Prevents and manages security threats—SOAR enables knowledge capture to further improve an organization’s capabilities to prevent and manage security threats.
- Provides meaningful and insightful dashboards—SOAR provides these dashboards so that enterprises can understand and appreciate the efforts put in by the security team.
- Lowers costs of operations—All of the previously listed points also result in lowering the costs of operations.
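The list above describes what a SOAR playbook does at a high level: aggregate alerts from several tools, enrich them with threat intelligence, discard known false positives, correlate across tools and either close, escalate or contain. The following is an added example of such a playbook in Python; it is not code from the article or from any SOAR product. Every alert, asset entry, threat-intelligence indicator and suppression rule in it is constructed for illustration, and the decision thresholds are assumptions that a real SOC would tune to its own environment.

```python
"""Toy SOAR triage playbook: aggregate alerts from several tools, enrich them
with threat intelligence, suppress known false positives, correlate across
tools, and decide per host whether to auto-close, escalate or contain.
Added example; every alert, feed entry, asset and rule below is constructed."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List, Optional

# --- Constructed inputs: three tools, each with its own field names ---------
SIEM_ALERTS = [
    {"id": "siem-1", "rule": "Multiple failed logins", "src": "203.0.113.10",
     "host": "web01", "severity": "low"},
    {"id": "siem-2", "rule": "Outbound connection to known C2", "src": "10.0.0.5",
     "dst": "198.51.100.7", "host": "ws17", "severity": "high"},
    {"id": "siem-3", "rule": "AV signature update failed", "host": "ws22",
     "severity": "low"},
]
IDPS_ALERTS = [  # priority 1 = most severe in this constructed format
    {"alert_id": "ids-9", "signature": "ET SCAN Nmap", "source_ip": "203.0.113.10",
     "dest_ip": "10.0.0.20", "priority": 3},
]
UEBA_ALERTS = [
    {"uid": "ueba-4", "anomaly": "Unusual login time", "user": "jdoe",
     "hostname": "ws17", "score": 40},
]
THREAT_INTEL = {"198.51.100.7": "C2 server (constructed feed entry)"}  # merged feeds
ASSETS = {"10.0.0.5": "ws17", "10.0.0.20": "db02"}  # constructed inventory: IP -> host
SUPPRESS = [{"title": "Unusual login time", "user": "jdoe", "reason": "on-call rotation"}]

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Alert:
    id: str
    source: str
    title: str
    severity: int                 # normalized 1 (low) .. 4 (critical)
    host: Optional[str] = None
    user: Optional[str] = None
    ips: List[str] = field(default_factory=list)
    ti_hits: List[str] = field(default_factory=list)
    corroborated: bool = False    # an IP in this alert was also seen by another tool
    suppressed: Optional[str] = None  # reason, when a false-positive rule matched


def normalize(siem, idps, ueba):
    """Map each tool's schema onto the common Alert shape (one data source)."""
    out = []
    for a in siem:
        ips = [x for x in (a.get("src"), a.get("dst")) if x]
        out.append(Alert(a["id"], "siem", a["rule"], SEVERITY[a["severity"]],
                         a.get("host"), a.get("user"), ips))
    for a in idps:
        host = ASSETS.get(a["dest_ip"])  # asset-inventory lookup gives the victim host
        out.append(Alert(a["alert_id"], "idps", a["signature"], max(1, 5 - a["priority"]),
                         host, None, [a["source_ip"], a["dest_ip"]]))
    for a in ueba:
        sev = 1 if a["score"] < 50 else 2 if a["score"] < 80 else 3
        out.append(Alert(a["uid"], "ueba", a["anomaly"], sev, a.get("hostname"), a.get("user")))
    return out


def enrich(alerts):
    """Threat-intel lookup, false-positive suppression and cross-tool corroboration."""
    seen_by = defaultdict(set)
    for a in alerts:
        for ip in a.ips:
            seen_by[ip].add(a.source)
    for a in alerts:
        a.ti_hits = [f"{ip}: {THREAT_INTEL[ip]}" for ip in a.ips if ip in THREAT_INTEL]
        a.corroborated = any(len(seen_by[ip]) > 1 for ip in a.ips)
        for rule in SUPPRESS:
            if a.title == rule["title"] and a.user == rule["user"]:
                a.suppressed = rule["reason"]
    return alerts


def decide(alerts):
    """Group live alerts per host and choose one action per host."""
    by_host = defaultdict(list)
    for a in alerts:
        if not a.suppressed:
            by_host[a.host or "unknown"].append(a)
    decisions = {}
    for host, group in by_host.items():
        worst = max(a.severity for a in group)
        hits = [h for a in group for h in a.ti_hits]
        if hits and worst >= 3:  # confirmed indicator on a high-severity alert
            decisions[host] = ("contain", f"isolate {host}; block {', '.join(hits)}")
        elif worst >= 3 or len(group) > 1 or any(a.corroborated for a in group):
            decisions[host] = ("escalate", f"{len(group)} alert(s), max severity {worst}")
        else:
            decisions[host] = ("close", "single low-severity alert, no indicators")
    return decisions


def run_playbook():
    """Returns (per-host decisions, alerts closed as known false positives)."""
    alerts = enrich(normalize(SIEM_ALERTS, IDPS_ALERTS, UEBA_ALERTS))
    return decide(alerts), [a for a in alerts if a.suppressed]


if __name__ == "__main__":
    decisions, suppressed = run_playbook()
    for host, (action, why) in sorted(decisions.items()):
        print(f"{host:8} {action:9} {why}")
    for a in suppressed:
        print(f"suppressed {a.id} ({a.title}): {a.suppressed}")
```

Running it shows the four behaviours the list describes: the host with a high-severity alert that matches a threat-intelligence indicator is contained, the hosts whose alerts are corroborated by a second tool are escalated to an analyst, the lone low-severity alert is closed automatically, and the UEBA anomaly covered by a suppression rule never reaches the analyst queue. The "contain" action here only returns a recommendation string; wiring it to a firewall or EDR API is the integration step a real SOAR platform provides.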
Many organizations today outsource security operations to managed security service provider (MSSP) vendors. When selecting an appropriate vendor for MSSP, organizations should include SOAR services in their requirements to achieve maximum benefits from outsourcing arrangements.
Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP, is a consultant and trainer in IT governance and information security.
Keep Your Organization’s Data Private
New technologies have allowed more opportunities to access and misuse sensitive information. Even with new laws and regulations in place to safeguard data, new data privacy and compliance challenges have emerged.
To help you build a strong regulatory data governance model to ensure organizational compliance, ISACA and ACL present the “Enforcing Data Privacy in the New Digital World” webinar. It will demonstrate how technology can support an already established protection model that accounts for the right frameworks and standards, provides oversight and assurance, and safeguards your organization from potential breaches. This webinar takes place on 7 February at 11AM CST (UTC -6 hours). ISACA members can earn 1 continuing professional education (CPE) hour by attending this webinar and completing a related survey.
Phil Shomura is senior product manager at ACL and is a seasoned product expert with a passion for bridging customers’ needs with technology solutions. Shomura will use his experience at ACL, leading its cloud-based data-driven governance platform, to provide you with insight on how to help keep your enterprise’s data protected.
To learn more about this webinar or to register for it, visit the Enforcing Data Privacy in the New Digital World page of the ISACA website.
Build Your Organization’s Awareness of Phishing
It only takes 1 uninformed employee to open an email with a link to a phishing website for malicious actors to bypass your organization’s security. Each year, the number of phishing attacks is rising, so what can you do to keep your organization safe?
To help you build a business case for phishing awareness, ISACA and Terranova present the “Why Go Phishing? Build Your Business Case for Phishing Awareness” webinar. It will illustrate the benefits of phishing simulations and building organizational security awareness. This webinar takes place on 12 February at 11AM CST (UTC -6 hours). ISACA members can earn 1 continuing professional education (CPE) hour by attending this webinar and completing a related survey.
Theo Zafirakos, CISSP, chief information security officer (CISO) coach at Terranova, is a skilled cybersecurity professional responsible for information security and management of strategy, programs, governance, information risk assessments and compliance for Terranova Security. He will use his experience working with the C-suite to help you build a phishing awareness plan with the support of your organization’s leadership.
To learn more about this webinar or to register for it, visit the Why Go Phishing? Build Your Business Case for Phishing Awareness page of the ISACA website.
The Future of Facing Cyberattacks as a CISO
Cybersecurity becomes more and more important in the face of the rising number of cyberattacks. Chief information security officers (CISOs) have had to redefine their roles and sharpen their skills to combat the danger of sensitive data leaks.
To help enterprises see how the CISO role is evolving, ISACA presents “The CISO of the Future” webinar. In this webinar, Eduardo Cabrera, chief cybersecurity officer of Trend Micro, will discuss his career as a CISO and how all cybersecurity professionals can prepare to take on the challenges CISOs face in the future. This webinar takes place on 20 February at 11AM CST (UTC -6 hours). ISACA members can earn 1 continuing professional education (CPE) hour by attending this webinar and completing a related survey.
Cabrera will use his experience analyzing emerging cybersecurity threats and leading information security and cyberinvestigative and protective programs to ensure you, your CISO, and your enterprise can keep your sensitive data secure from cybercriminal activity.
To learn more about this webinar or to register for it, visit The CISO of the Future page of the ISACA website.
Dynamic and Comprehensive: CSX Virtual Cyber Academy
The Cybersecurity Nexus™ (CSX) Virtual Cyber Academy is a comprehensive, real-world training solution that tests your skills in a live, dynamic network environment on a cloud-based learning platform. This means you can access your training any time of the day in any part of the world.
The CSX Virtual Cyber Academy gives you access to more than 90 labs, which are scored based on your performance as soon as you finish each lab. Instantaneous feedback as you progress through your training allows you to develop skills to address the most current threats using the latest tools and techniques in the industry. Your subscription to the CSX Virtual Cyber Academy allows you 1 year of access to the platform, and new labs will be added continuously throughout your subscription.
To learn more about the CSX Virtual Cyber Academy, visit the CSX Virtual Cyber Academy: Self-Paced Training Subscription page of the CSX website.
How to Protect Digital Data Privacy
More personal data are available to enterprises than ever before due to the rise of automation, the Internet of Things (IoT) and artificial intelligence (AI). The increased availability of personal data results in an increased data protection risk for the enterprise. And, as more data privacy laws and regulations are instated, compliance becomes even more challenging and critical for enterprises.
ISACA’s Enforcing Data Privacy in the Digital World white paper provides guidance on building a strong regulatory data governance and protection model. It explores the impact of privacy regulations to data; what failure to comply with regulatory data privacy controls may look like; how to use frameworks and standards to remain compliant; and how to automate governance, risk and compliance (GRC) for the enterprise.
To learn more, download this complimentary ISACA white paper from the Enforcing Data Privacy in the Digital World page of the ISACA website.