SOAR: Improving Security Operations

Morgan Lewis

As organizations layer on multiple security products to defend against increasingly complex attacks, security teams are flooded with alerts that traditional, manual processes cannot adequately handle. Shortages of skilled IT security staff, combined with continued reliance on many separate technologies and processes, have produced inefficient and time-consuming operations. Security Orchestration, Automation, and Response (SOAR) technologies offer a way to improve security operations under these constraints.

Gartner, Inc. (Gartner), a leading research and advisory company, has published a report titled “Innovation Insight for Security Orchestration, Automation and Response” that recognizes the convergence of three previously separate technology sectors: (1) security orchestration and automation; (2) security incident management and response; and (3) threat intelligence platforms.

The merging of these sectors has formed the basis of the SOAR tools. Gartner describes four key SOAR concepts:

  • Automation: Using software to perform task-oriented work that would otherwise be done by hand
  • Orchestration: How different technologies are integrated to work together
  • Dashboards and Reporting: Visualizations and capabilities for collecting and reporting on metrics and other information
  • Incident Management and Collaboration: Management of all stages of an incident

Adoption of SOAR concepts is growing rapidly within the security operations industry. Gartner estimates that usage of SOAR in security organizations with five or more security professionals will rise from less than 1% at the time of the report to 15% by 2020. As the report states, “The challenges from an increasingly hostile threat landscape, combined with a lack of people, expertise and budget are driving organizations toward SOAR technologies.”

The Gartner report offers key recommendations for companies when they begin implementing SOAR, which include:

  • Pick the low-hanging fruit first: Implement automation first where it can be installed easily and where the organization will see an immediate return, such as the repetitive first-pass triage analysts perform on every alert
  • Integrate: Focus on automating incident response tasks and integrating the separate technologies those tasks touch
  • Apply gained intelligence: Feed the threat intelligence gained during response back into security technologies and response processes
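The following toy playbook is an added illustration of the three recommendations above; it is not code from the Gartner report or from Morgan Lewis. It automates first-pass triage (low-hanging fruit), joins each alert with context from two separate "tools" (orchestration and integration), and pushes confirmed-malicious destinations onto a blocklist that later alerts are checked against (applying gained intelligence). The alerts, the threat-intelligence feed, the asset inventory, the internal address ranges, and the 80-point confidence threshold are all constructed assumptions; in a real deployment the two lookup tables would be API calls to a threat intelligence platform and a CMDB.

```python
"""Minimal SOAR-style triage playbook (constructed example, not a vendor's code)."""
from dataclasses import dataclass, field
import ipaddress

# Assumed policy: act without a human in the loop only above this intel confidence.
CONFIDENCE_THRESHOLD = 80

# Constructed stand-ins for a threat intelligence platform and an asset inventory.
THREAT_INTEL = {
    "198.51.100.23": {"confidence": 90, "tags": ["c2"]},
    "203.0.113.5": {"confidence": 40, "tags": ["scanner"]},
}
ASSET_INVENTORY = {
    "10.0.0.5": {"hostname": "db-prod-01", "criticality": "high"},
    "10.0.0.77": {"hostname": "kiosk-lobby", "criticality": "low"},
}
# Assumed organization-internal ranges (checked explicitly rather than via
# ip_address.is_private, which also flags documentation ranges such as 203.0.113.0/24).
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed alerts as a detection tool might emit them.
CONSTRUCTED_ALERTS = [
    {"id": "A-1", "src": "10.0.0.5", "dst": "198.51.100.23", "rule": "outbound-beacon"},
    {"id": "A-2", "src": "10.0.0.77", "dst": "203.0.113.5", "rule": "port-scan-inbound"},
    {"id": "A-3", "src": "10.0.0.77", "dst": "192.0.2.9", "rule": "outbound-beacon"},
    {"id": "A-4", "src": "10.0.0.5", "dst": "10.0.0.77", "rule": "outbound-beacon"},
]


@dataclass
class Decision:
    alert_id: str
    action: str      # "contain" | "escalate" | "close"
    priority: str    # "high" | "medium" | "low"
    reasons: list = field(default_factory=list)


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def enrich(alert):
    """Orchestration step: join the alert with context from two separate sources."""
    unknown = {"hostname": "unknown", "criticality": "unknown"}
    return {
        **alert,
        "intel": THREAT_INTEL.get(alert["dst"]),
        "asset": ASSET_INVENTORY.get(alert["src"], unknown),
        "dst_is_internal": is_internal(alert["dst"]),
    }


def decide(e, blocklist):
    """Automation step: the analyst's first-pass reasoning written as explicit rules."""
    crit = e["asset"]["criticality"]
    if e["dst_is_internal"]:
        return Decision(e["id"], "close", "low",
                        ["destination is an internal address; egress rule does not apply"])
    if e["dst"] in blocklist:
        return Decision(e["id"], "contain", "high",
                        ["destination already on the blocklist from a prior incident"])
    intel = e["intel"]
    if intel and intel["confidence"] >= CONFIDENCE_THRESHOLD:
        return Decision(e["id"], "contain", "high",
                        [f"intel match {intel['tags']} at confidence {intel['confidence']}"])
    if intel:
        return Decision(e["id"], "escalate", "high" if crit == "high" else "medium",
                        [f"low-confidence intel match {intel['tags']}; needs analyst review"])
    return Decision(e["id"], "escalate", "high" if crit == "high" else "low",
                    ["no indicator match; retain for analyst review and retro-hunt"])


def run_playbook(alerts, blocklist):
    """Triage every alert; destinations that were contained are fed back into the blocklist."""
    decisions = []
    for alert in alerts:
        d = decide(enrich(alert), blocklist)
        if d.action == "contain":
            blocklist.add(alert["dst"])  # apply gained intelligence to future alerts
        decisions.append(d)
    return decisions, blocklist


if __name__ == "__main__":
    decisions, blocklist = run_playbook(CONSTRUCTED_ALERTS, set())
    for d in decisions:
        print(d.alert_id, d.action, d.priority, "|", "; ".join(d.reasons))
    print("blocklist:", sorted(blocklist))
```

Only two outcomes are fully automated here: closing alerts whose destination is internal (the rule is an egress detection, so these are noise) and containing destinations with high-confidence intelligence. Everything else is escalated with a priority derived from asset criticality, which keeps the analyst in the loop for the ambiguous cases while the obvious ones are handled without one.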

IT security professionals should understand SOAR deployment and operations practices in order to effectively mitigate cybersecurity risks.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morgan Lewis | Attorney Advertising
