Page 34 - Cyber Defense Magazine - Global Print Edition 2018
security analysts see the most direct benefits, because SOAR automates and simplifies repetitive manual tasks like event escalation, intelligence gathering, contextualization, scripting, collaboration, and reporting. To illustrate how significant this impact can be, let’s take a look at how a SOAR platform can make an analyst smarter, faster, wiser, and even happier.

Smarter

A large part of the role of an analyst in an enterprise SOC is evaluating which alerts pose real threats and how best to handle them. An analyst with a few years of experience may have built up their ability to effectively assess alerts, but with a SOAR platform in place, their decisions can be augmented with contextual information aggregated via integrations with the security systems and threat intelligence sources on which they rely. Analysts can also use tools like link analysis and incident timelines, which ease investigations by visualizing patterns and relationships. Even bi-directional SIEM integrations help analysts “be smarter”, because the SOAR tool can dynamically grab additional relevant data—from a prior event, for example—and present it to the analyst as part of the incident record’s contextual element. No matter how skilled your analysts are, having the full story of each alert drastically reduces human error while boosting alert management and decision-making capabilities.

Faster

The need for speed is real—especially given the volume of alerts and the increasing complexity of targeted cyberattacks. Fortunately, with a SOAR platform, when an analyst opens up an incident record, the grunt work has already been done. With an incident already confirmed, contextualized, and prioritized, an analyst simply needs to oversee the response—and approve, when necessary—any security actions, such as blocking a website, closing a port, or disabling a compromised account. Compared to a manual response to a typical phishing incident, which might take an hour, a SOAR-powered response should only take 45 to 90 seconds.

Wiser

Security teams accumulate tribal knowledge over time about the history and patterns of incidents, plus the intricacies of their IT and security infrastructure. Senior analysts can build up this wisdom over time, but without a way of documenting the lessons they have learned, their wisdom is lost when they leave the organization—or simply go on vacation. With the right SOAR platform, senior colleagues can codify their knowledge into playbooks, guided workflows, and reports, and share their experience with the team, including in the critical onboarding phase for new analysts. Junior analysts can also access historical data from every previous incident to see how comparable cases have been handled in the past. This empowers the entire team with the wisdom of their most experienced analysts—past or present.

Happier

It may seem trivial, but the happiness of analysts can have a significant impact on the functioning of a SOC. Without the right systems in place, analysts often get frustrated with the relentless pace of menial, repetitive tasks. With the growing cybersecurity skills gap, high turnover can be crippling for a security team, because it is hard to hire and retain talented employees.

Put simply, SOAR platforms reduce burnout. With automation and orchestration, analysts spend less time on tedious tasks like copying and pasting hashes, looking up reputation data in third-party apps, and chasing after false positives. This lets them focus on meaningful tasks that require skill and protect the company from genuine threats. With SOAR, analysts get more done, feel less overwhelmed, and have much higher job satisfaction.

About the Author

Stan Engelbrecht is the Director of Cybersecurity Practice at D3 Security and an accredited CISSP. Stan is involved throughout the product delivery and customer success lifecycle, and takes particular interest in working with customers to configure solutions. You can find Stan speaking about cybersecurity issues at conferences, in the media, and as the chapter president for a security special interest group. You can find more writing from Stan on the D3 website http://www.d3security.com/
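The enrich, prioritize and approve flow that the Smarter and Faster sections describe, together with the Wiser section's idea of codifying a playbook, as an added Python example; it is not code from the article or from D3 Security. The threat-intel table, the incident history and the alert are constructed sample data, and the action names (block_url, disable_account) are hypothetical placeholders for whatever a real platform would call on a proxy or identity provider.

```python
"""Toy SOAR playbook for a phishing alert (illustrative, not D3's code).

Flow: extract indicators -> enrich from threat intel and incident history
-> prioritize -> propose actions -> execute only what an analyst approves.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed stand-in for third-party reputation lookups.
THREAT_INTEL = {
    "evil-login.example": {"verdict": "malicious", "source": "feed-A"},
    "cdn.example.net": {"verdict": "benign", "source": "feed-A"},
}

# Constructed prior incidents: the tribal knowledge a SOAR platform retains.
INCIDENT_HISTORY = [
    {"id": "INC-0007", "domains": {"evil-login.example"}, "outcome": "credential theft"},
    {"id": "INC-0012", "domains": {"old-phish.example"}, "outcome": "no compromise"},
]


@dataclass
class Alert:
    alert_id: str
    user: str
    urls: list


@dataclass
class Incident:
    alert: Alert
    indicators: dict = field(default_factory=dict)   # domain -> intel verdict
    related: list = field(default_factory=list)      # ids of comparable prior incidents
    priority: str = "low"
    proposed: list = field(default_factory=list)     # (action, target) tuples awaiting approval
    executed: list = field(default_factory=list)


def extract_domains(urls):
    """Pull hostnames out of the URLs found in the phishing message."""
    domains = set()
    for url in urls:
        host = urlparse(url).hostname
        if host:
            domains.add(host.lower())
    return domains


def enrich(incident):
    """Attach reputation data and links to comparable past incidents."""
    domains = extract_domains(incident.alert.urls)
    for d in domains:
        incident.indicators[d] = THREAT_INTEL.get(d, {"verdict": "unknown", "source": None})
    incident.related = [h["id"] for h in INCIDENT_HISTORY if h["domains"] & domains]
    return incident


def prioritize(incident):
    """Rank the incident from the verdicts plus whether it has been seen before."""
    verdicts = {i["verdict"] for i in incident.indicators.values()}
    if "malicious" in verdicts and incident.related:
        incident.priority = "critical"   # known-bad and already seen in history
    elif "malicious" in verdicts:
        incident.priority = "high"
    elif "unknown" in verdicts:
        incident.priority = "medium"     # nothing confirmed; needs a human look
    else:
        incident.priority = "low"
    return incident


def propose_actions(incident):
    """Codified response: block known-bad URLs, disable the account on high/critical."""
    for d, intel in incident.indicators.items():
        if intel["verdict"] == "malicious":
            incident.proposed.append(("block_url", d))
    if incident.priority in ("high", "critical"):
        incident.proposed.append(("disable_account", incident.alert.user))
    return incident


def execute(incident, approved):
    """Run only the actions the analyst approved; the rest stay proposed."""
    for action in incident.proposed:
        if action in approved:
            incident.executed.append(action)   # a real playbook would call the proxy / IdP here
    return incident


def run_playbook(alert, approver):
    """approver(incident) returns the set of (action, target) tuples the analyst signed off on."""
    incident = propose_actions(prioritize(enrich(Incident(alert))))
    return execute(incident, approver(incident))


if __name__ == "__main__":
    sample = Alert("ALERT-42", "jdoe",
                   ["https://evil-login.example/auth", "https://cdn.example.net/logo.png"])
    inc = run_playbook(sample, approver=lambda i: set(i.proposed))  # approve everything
    print(inc.priority, inc.related, inc.executed)
```

The approval gate is the part worth copying: the playbook never acts on its own proposals, so a wrong verdict from a feed can only cost the analyst a click, not an outage, and an analyst can approve the URL block while declining the account disable.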
34 CYBER DEFENSE MAGAZINE – ANNUAL GLOBAL PRINT EDITION 2018 – SPONSORED BY TREND MICRO