SOAR Platforms Help Automate Cybersecurity Tasks
Security orchestration, automation and response (SOAR) platforms are driving efforts to automate cybersecurity functions. These systems build on the information-gathering and correlation capabilities of security information and event management (SIEM) technologies by adding on automated response capabilities. When a SOAR platform detects that certain conditions are met, it can immediately trigger a playbook of activities designed to respond to those conditions.
For example, if an endpoint detection and response (EDR) system notifies a SOAR platform that malware was detected on an end-user device, the SOAR platform can automatically kick off a series of actions, including:
1. Modifying the network configuration to place that system on an isolated VLAN where it cannot communicate with any other devices, containing the damage caused by the infection
2. Triggering the EDR platform to remediate the malware infection, restoring the system to proper working order
3. Firing off a vulnerability scan that analyzes the system's configuration to confirm that it no longer poses a threat to itself or the network
4. Modifying the network configuration again at the completion of these tasks to restore the system's normal access
All those actions, which might previously have required hours of effort by cybersecurity professionals, can take place quickly when automated through a SOAR platform.
The workflows triggered by SOAR playbooks do not need to be strictly sequential in nature, either. The workflow above could be enhanced by adding conditional steps that occur based upon the results of prior steps. For example, Step 3 could be modified to take different actions depending on the results of the vulnerability scan. If the scan reveals that the system is remediated, the workflow could move on to Step 4 and automatically restore normal operations.
If, on the other hand, the scan reveals that the automated remediation was unsuccessful, the system could remain on the quarantined VLAN and the SOAR platform could open a ticket in the organization's IT service management platform to trigger a human investigation and response.
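The conditional workflow described above, sketched as an added Python example that is not part of the original article and not any vendor's playbook format. The FakeEnv connectors, VLAN number and step names are assumptions standing in for real network, EDR, scanner and ITSM integrations; the playbook also treats a connector failure like a failed scan, so the host stays quarantined.

```python
from dataclasses import dataclass, field

QUARANTINE_VLAN = 999  # constructed VLAN id


@dataclass
class FakeEnv:
    """In-memory stand-in for network, EDR, scanner and ITSM connectors."""
    vlan: dict = field(default_factory=dict)
    infected: set = field(default_factory=set)
    remediation_works: bool = True
    tickets: list = field(default_factory=list)

    def set_vlan(self, host, vlan):
        self.vlan[host] = vlan

    def edr_remediate(self, host):
        if self.remediation_works:
            self.infected.discard(host)

    def scan_is_clean(self, host):
        return host not in self.infected

    def open_ticket(self, host, summary):
        self.tickets.append((host, summary))


def malware_playbook(alert, env):
    """Run Steps 1-4 for one EDR alert and return the audit trail."""
    host = alert["host"]
    original_vlan = env.vlan[host]
    env.set_vlan(host, QUARANTINE_VLAN)       # Step 1: contain before anything else
    trail = ["isolated"]
    try:
        env.edr_remediate(host)               # Step 2: ask EDR to clean the host
        trail.append("remediation_requested")
        clean = env.scan_is_clean(host)       # Step 3: verify with a scan
        trail.append("scan_clean" if clean else "scan_dirty")
    except Exception as exc:                  # connector failure: fail closed
        clean = False
        trail.append(f"error:{type(exc).__name__}")
    if clean:
        env.set_vlan(host, original_vlan)     # Step 4: restore normal access
        trail.append("restored")
    else:                                     # stay quarantined, hand off to a human
        env.open_ticket(host, "Remediation not verified; host left in quarantine")
        trail.append("ticket_opened")
    return trail
```
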
Once you have a SOAR platform in place, you can integrate it with many of your existing security tools to perform a variety of routine tasks. It's normally a good idea to start small and focus on efforts that have the highest potential payback in terms of time savings and pose the lowest risk to the organization. Let's take a look at three ways SOAR platforms can quickly add value to an organization.
Automate malware incident response efforts. We've already discussed malware response as a prime example of the effectiveness of SOAR platforms. Given the burden that malware response places on security teams, automating these responses should be a high priority for any SOAR implementation effort.
Gather information for incident responders. Incident responders spend a lot of time gathering information as they attempt to triage and respond to cybersecurity events. SOAR platforms can automate much of this work by reaching into other systems and information sources to gather the basic facts before passing an event on to a human analyst for investigation. For example, if the SOAR suspects that a system is connecting to a botnet, the system can gather network traffic logs, threat intelligence data, user information and other records to prepare a dossier that analysts can use as they investigate the incident.
Process phishing messages. Every organization is deluged by phishing messages, and most have a standardized workflow when users report these messages to administrators. Cybersecurity analysts might immediately remove the message from the inboxes of other users, add destination systems in links to a Domain Name System blackhole, identify systems that visited the link and run malware scans on them, block future messages from the same source, and perform other related actions. All of these tasks can be automated using SOAR technology.
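Two of the phishing steps above, building the DNS blackhole list and finding the systems that visited a link, shown as an added Python example that is not part of the original article. The message, the proxy log format, the hosts-file output format and the allowlist of the organization's own domains are all assumptions constructed for illustration; the allowlist keeps the playbook from blackholing legitimate internal links that appear in a reported message.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample data: a reported message and proxy log lines in an
# assumed '<timestamp> <client_ip> <method> <url>' format.
REPORTED = ('Mailbox full. Verify at https://login.portal-update.test/reset?u=1, '
            'or <a href="http://cdn.portal-update.test/a.js">here</a>. '
            'Questions: https://it.campus.example/help.')
PROXY_LOG = [
    "2024-03-01T09:02:11Z 10.1.4.22 GET https://login.portal-update.test/reset?u=1",
    "2024-03-01T09:02:40Z 10.1.9.80 GET https://it.campus.example/help",
    "2024-03-01T09:05:03Z 10.1.7.15 GET http://CDN.portal-update.test/a.js",
    "truncated line",
]


def _host(url):
    """Normalised hostname of a URL, or None if it cannot be parsed."""
    try:
        host = urlsplit(url.rstrip(".,;)")).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None


def link_hosts(body, allowlist=frozenset()):
    """Hostnames linked in the message, minus the organization's own domains."""
    found = {_host(u) for u in URL_RE.findall(body)} - {None}
    return {h for h in found
            if not any(h == a or h.endswith("." + a) for a in allowlist)}


def blackhole_records(hosts, sinkhole_ip="0.0.0.0"):
    """Hosts-file style lines for a DNS blackhole (output format is an assumption)."""
    return [f"{sinkhole_ip} {h}" for h in sorted(hosts)]


def clients_to_scan(proxy_lines, hosts):
    """Internal client IPs that requested any blackholed host."""
    clients = set()
    for line in proxy_lines:
        parts = line.split()
        if len(parts) >= 4 and _host(parts[3]) in hosts:  # skips malformed lines
            clients.add(parts[1])
    return sorted(clients)
```
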
These three use cases are just starting points based on the types of automation that will benefit most organizations. As teams roll out SOAR technology, they should think about the pain points that they encounter and identify organization-specific use cases that will deliver the most value to their teams.
Here is the original post:
Demystifying Security Automation for University IT Teams - EdTech Magazine: Focus on K-12