5 SOAR Implementation Pitfalls to Avoid - PowerPoint PPT Presentation

About This Presentation
Title:

5 SOAR Implementation Pitfalls to Avoid

Description:

SOAR holds the promise of driving process improvement, increasing efficiency and maximizing effectiveness for enterprise SOCs. As such, as you embark upon a SOAR implementation project, be sure to be clear on how it can best enable your team to maximize the use of the security tools you already have, empower your existing team and inject new structure to your processes and techniques. – PowerPoint PPT presentation

Number of Views:51

less

Transcript and Presenter's Notes

Title: 5 SOAR Implementation Pitfalls to Avoid


1
5 SOAR Implementation Pitfalls to Avoid
2
Introduction
  • Theres no doubt, organizations around the globe
    are investing in security orchestration,
    automation and response (SOAR) solutions. While
    today, less than 1 of large enterprises use SOAR
    technologies, by 2020 15 of organizations with a
    security team of more than five are expected to
    leverage these tools.

3
The benefits of security orchestration,
automation and response (SOAR) are many - if
executed correctly
4
Consolidating Disparate Security Tools
  • To effectively counter the different types of
    cyber threats and attack vectors, organizations
    acquire or subscribe to multiple security tools
    or services - SIEM, EDR, threat intelligence
    service, anti-malware, sandboxing solution, and
    many others.
  • SOAR solutions bring together individual security
    tools in a way that allows SOC teams to
    orchestrate and manage them more efficiently from
    a single platform.

5
Why Enterprises Implement SOAR
  • Given that we are still early in the adoption of
    SOAR, there isnt a set roadmap for success in
    implementing these solutions. After talking with
    dozens of companies embarking on SOAR projects,
    weve been able to identify what can set your
    organization up for success and the pitfalls to
    avoid.

6
Making Up For Security Staff Shortages
  • Organizations already know they have to deal with
    the cybersecurity talent gap, a problem that
    seems to be worsening every year. ESGs research
    finds the shortage has been growing steadily
    since 2014. Enterprise SOCs typically have job
    requisitions open for analysts of all levels that
    take months to fill and finding experienced
    analysts is the toughest.

7
Improve Incident Response Processes
  • Teams can handle alerts and resolve issues
    faster, more effectively with a greater degree of
    consistency if they follow a documented, codified
    set of processes. This can be achieved by
    leveraging playbooks inherent in SOAR solutions
    to document tribal knowledge and ensure processes
    are executed the same way every time across the
    SOC.

8
SOAR Implementation Pitfalls To Avoid
  • Now that weve taken a peek at the main reasons
    why organizations embark on SOAR projects, its
    time to discuss the common missteps that can keep
    you from realizing the full potential of a SOAR
    solution.

9
Trying To Automate Everything
  • With so many manual processes and staff in short
    supply, it can be tempting to go all in on
    security automation. After all, there is no
    shortage of articles about its ability to
    alleviate the overload experienced by today's
    SOCs.
  • If youre just starting out, identify processes
    that are prime candidates for automation and
    implement SOAR in those areas first. From there
    you can determine how to continue forward on the
    automation component of your journey.

10
Incident Response Processes - 'Set It Forget
It'
  • You cant get everything right the first time.
    Even if youve devoted a lot of time and energy
    designing a particular incident response
    playbook, theres still a good chance it wont
    turn out to be perfect. Besides, the tactics,
    techniques and procedures (TTPs) of cyber threats
    evolve with time. Thus, you need to adapt and
    incorporate changes accordingly.

11
Conclusion
  • SOAR holds the promise of driving process
    improvement, increasing efficiency and maximizing
    effectiveness for enterprise SOCs. As such, as
    you embark upon a SOAR implementation project, be
    sure to be clear on how it can best enable your
    team to maximize the use of the security tools
    you already have, empower your existing team and
    inject new structure to your processes and
    techniques.
Write a Comment
User Comments (0)
About PowerShow.com