Nice article over at TechRadar
https://www.techradar.com/uk/news/unlocking-the-power-of-soar
Andy
Dragging Security Operations into the 21st century, One playbook at a time
Source Article
https://www.linkedin.com/pulse/ashes-we-all-fall-down-death-siem-rise-soar-alissa-valentina-knight/
(SOAR is) taking SIEM further by combining data collection, threat and vulnerability management, incident response and case management, workflow, and analytics
Agreed, will SIEM have to adapt? Is it as easy to shoehorn SOAR into SIEM as it is SIEM into SOAR?
FireEye polled C-level security executives at large enterprises worldwide and found that 36% of respondents receive more than 10,000 alerts each month from their SIEM; of those alerts, 52% were false positives and 64% were redundant.
I’d not come across the 64% statistic before, though I believe it completely. Too many tools alert the same alert over and over. The ability to check incoming alerts for duplicates is something I’ve written about before.
SIEM required daily, round-the-clock tuning by a seasoned staff
So nice to see someone else say this. Almost every time I hear “our SIEM dashboard is amazing and gives us everything” I dig deeper and finally they admit “well yes we have a full time consultant dedicated”. I’m not knocking SIEM but that is a reality.
Andy
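The duplicate check mentioned in the post above, as an added worked example (this is not code from the post, from FireEye, or from any SOAR product). It fingerprints each incoming alert on the fields that identify "the same finding" and suppresses repeats inside a time window, then reports the redundancy rate so you can measure your own version of that 64% figure. The field names (rule, host, indicator, source, timestamp) and the sample alerts are constructed for the example; the source field is deliberately left out of the fingerprint on the assumption that the same rule firing on the same host from two tools should collapse into one case.

```python
"""Alert de-duplication as a SOAR playbook step (added example, assumed schema)."""
from __future__ import annotations

import hashlib
import json
from datetime import datetime, timedelta

# Fields that define "the same alert". The timestamp, alert id and the tool
# that raised it are excluded on purpose, so repeats and cross-tool copies
# of one finding share a fingerprint. (Assumed field names, not a real product's schema.)
KEY_FIELDS = ("rule", "host", "indicator")


def fingerprint(alert: dict) -> str:
    """Stable SHA-256 of the identifying fields, case- and whitespace-normalised."""
    key = {f: str(alert.get(f, "")).strip().lower() for f in KEY_FIELDS}
    return hashlib.sha256(json.dumps(key, sort_keys=True).encode()).hexdigest()


class Deduplicator:
    """Suppress alerts whose fingerprint was first seen less than `window` ago."""

    def __init__(self, window: timedelta = timedelta(hours=24)) -> None:
        self.window = window
        self._first_seen: dict[str, datetime] = {}
        self.passed = 0
        self.suppressed = 0

    def check(self, alert: dict) -> bool:
        """Return True if the alert should open a new case, False if it is a repeat."""
        ts = datetime.fromisoformat(alert["timestamp"])
        fp = fingerprint(alert)
        first = self._first_seen.get(fp)
        if first is not None and ts - first < self.window:
            self.suppressed += 1
            return False
        # New finding, or the window since the first sighting has expired: re-arm it.
        self._first_seen[fp] = ts
        self.passed += 1
        return True

    def redundancy_rate(self) -> float:
        total = self.passed + self.suppressed
        return self.suppressed / total if total else 0.0


def run(alerts: list[dict], window: timedelta = timedelta(hours=24)) -> tuple[list[dict], float]:
    """Feed alerts in arrival order; return the ones to action and the fraction suppressed."""
    dedup = Deduplicator(window)
    kept = [a for a in alerts if dedup.check(a)]
    return kept, dedup.redundancy_rate()


# Constructed sample alerts: the same credential-dumping finding repeated by the
# EDR, echoed by the SIEM, a genuinely different host, and a repeat a day later.
SAMPLE_ALERTS = [
    {"source": "edr", "rule": "Mimikatz", "host": "WS-01", "indicator": "lsass.exe", "timestamp": "2024-03-01T09:00:00"},
    {"source": "edr", "rule": "Mimikatz", "host": "WS-01", "indicator": "lsass.exe", "timestamp": "2024-03-01T09:05:00"},
    {"source": "edr", "rule": "mimikatz", "host": " ws-01 ", "indicator": "LSASS.EXE", "timestamp": "2024-03-01T09:10:00"},
    {"source": "siem", "rule": "Mimikatz", "host": "WS-01", "indicator": "lsass.exe", "timestamp": "2024-03-01T09:12:00"},
    {"source": "edr", "rule": "Mimikatz", "host": "WS-02", "indicator": "lsass.exe", "timestamp": "2024-03-01T09:15:00"},
    {"source": "edr", "rule": "Mimikatz", "host": "WS-01", "indicator": "lsass.exe", "timestamp": "2024-03-02T10:00:00"},
]

if __name__ == "__main__":
    kept, rate = run(SAMPLE_ALERTS)
    for a in kept:
        print(f"open case: {a['rule']} on {a['host']} at {a['timestamp']}")
    print(f"redundancy rate: {rate:.0%}")
```

The window is keyed on the first sighting rather than refreshed on every repeat, so an alert that fires every few minutes for a week still resurfaces once per window instead of being suppressed forever; the alerts still exist in the SIEM, the playbook just stops opening a case for each one.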
https://www.linkedin.com/pulse/next-generation-security-operations-nick-coppock/
“technology needs to become the workhorse rather than a generator of SOC work”
“The use of automation should also reduce dwell time on many frequent alert types which in turn”
We get asked a lot about SOAR in the GMC.
Short answer, there isn’t one (yet) as the space is new, and all vendors are tackling SOAR coming in from different angles.
However a quick google for…
Gartner SOAR cool vendor
…is interesting.
“We also saw a small number of organizations adopting SOAR at the time of their initial SOC build-out”
https://blogs.gartner.com/anton-chuvakin/2018/07/13/soar-native-soc-can-this-work/
Words can’t express how jealous the SOC Analyst 2013 version of me would be hearing this, a SOC built around and focusing on the efficiencies of workflow and time savings!