Listening to ‘CISO Security Vendor Relationship‘ (a great resources!) I heard the following aimed at vendors:
Don’t market as simply ‘saving time or money’, it’s lazy, and not everyone needs to save money.
Which is tough because these are literally the concept of SOAR.
So I challenged myself to write a pitch for SOAR, in 5 sentences, without these lazy sentences, aimed at someone who is new to the SOAR concept.
Note – This is just my little game, it’s not an approved or sanctioned pitch from any vendor
Security teams typically spend too much resource (money, time and brain cycles) on the simple tedious tier 1 soul destroying work.
When busy, humans can be unresponsive (minutes/hours/days), expensive (time/money/brain cycles), forgetful (deviating from process) and easily distractible.
So when Analysts should be deep investigating, concentrating and self learning, they are infact trying to keep up with 1000 smaller things a day (alerts, processes, actions etc).
SOAR aims to automate these tasks in seconds and minutes (either completely or just the heavy lifting/preparation) allowing analysts to use their brains and not the control+c key.
How we do that (automation, case management, threat intelligence platforms, machine learning etc), how we differentiate, and our typical use cases would be great things to have a follow up chat about.
Andy