Page 34 - Cyber Defense Magazine - Global Print Edition 2018

security analysts see the most direct benefits, because SOAR automates and simplifies repetitive manual tasks like event escalation, intelligence gathering, contextualization, scripting, collaboration, and reporting.

To illustrate how significant this impact can be, let’s take a look at how a SOAR platform can make an analyst smarter, faster, wiser, and even happier.

Smarter

A large part of the role of an analyst in an enterprise SOC is evaluating what alerts pose real threats and how best to handle them. An analyst with a few years of experience may have built up their ability to effectively assess alerts, but with a SOAR platform in place, their decisions can be augmented with contextual information aggregated via integrations with the security systems and threat intelligence sources on which they rely.

Analysts can also use tools like link analysis and incident timelines, which ease investigations by visualizing patterns and relationships. Even bi-directional SIEM integrations help analysts “be smarter”, because the SOAR tool can dynamically grab additional relevant data—from a prior event, for example—and present it to the analyst as part of the incident record’s contextual element. No matter how skilled your analysts are, having the full story of each alert drastically reduces human error while boosting alert management and decision-making capabilities.

Faster

The need for speed is real—especially given the volume of alerts and increasing complexity of targeted cyberattacks. Fortunately, with a SOAR platform, when an analyst opens up an incident record, the grunt work has already been done. With an incident already confirmed, contextualized, and prioritized, an analyst simply needs to oversee the response—and approve, when necessary—any security actions, such as blocking a website, closing a port, or disabling a compromised account. Compared to a manual response to a typical phishing incident, which might take an hour, a SOAR-powered response should only take 45 to 90 seconds.

Wiser

Security teams accumulate tribal knowledge over time about the history and patterns of incidents, plus the intricacies of their IT and security infrastructure. Senior analysts can build up this wisdom over time, but without a way of documenting the lessons they have learned, their wisdom is lost when they leave the organization—or simply go on vacation. With the right SOAR platform, senior colleagues can codify their knowledge into playbooks, guided workflows, and reports, and share their experience with the team, including in the critical onboarding phase for new analysts. Junior analysts can also access historical data from every previous incident to see how comparable cases have been handled in the past. This empowers the entire team with the wisdom of their most experienced analysts—past or present.

Happier

It may seem trivial, but the happiness of analysts can have a significant impact on the functioning of a SOC. Without the right systems in place, analysts often get frustrated with the relentless pace of menial, repetitive tasks. With the growing cybersecurity skills gap, high turnover can be crippling for a security team, because it is hard to hire and retain talented employees.

Put simply, SOAR platforms reduce burnout. With automation and orchestration, analysts spend less time on tedious tasks like copying and pasting hashes, looking up reputation data in third-party apps, and chasing after false positives. This lets them focus on meaningful tasks that require skill and protect the company from genuine threats. With SOAR, analysts get more done, feel less overwhelmed, and have much higher job satisfaction.

About the Author

Stan Engelbrecht is the Director of Cybersecurity Practice at D3 Security and an accredited CISSP. Stan is involved throughout the product delivery and customer success lifecycle, and takes particular interest in working with customers to configure solutions. You can find Stan speaking about cybersecurity issues at conferences, in the media, and as the chapter president for a security special interest group. You can find more writing from Stan on the D3 website http://www.d3security.com/
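The flow the article describes for a phishing alert (enrich with reputation data and prior incidents, prioritize, then propose response actions that wait for analyst approval, all driven by a codified playbook) can be sketched in a few dozen lines. The following is an added illustration written for this page, not D3 Security's code or any real SOAR product's API. The alert, the reputation cache, the incident history, the placeholder hashes and the scoring thresholds are all constructed sample data; a real platform would populate the same fields through its SIEM and threat intelligence integrations.

```python
"""Toy SOAR-style playbook runner: enrich -> prioritize -> propose -> approve.

Added illustration for this article. Every data source below is an in-memory
stand-in for an integration (TI feed, SIEM, case history); hashes are
placeholders, not real indicators.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed stand-in for a threat-intel reputation lookup (placeholder hashes).
REPUTATION_CACHE: Dict[str, str] = {
    "sha256:PLACEHOLDER_HASH_A": "malicious",
    "sha256:PLACEHOLDER_HASH_B": "clean",
}
# Constructed stand-in for URL reputation data.
URL_REPUTATION: Dict[str, str] = {
    "http://invoice-login.example": "phishing",
}
# Constructed case history: what the SIEM/SOAR would return for "prior events".
INCIDENT_HISTORY: List[dict] = [
    {"id": "INC-0001", "sender": "billing@attacker.example",
     "verdict": "true_positive", "actions": ["block_url", "reset_password"]},
    {"id": "INC-0002", "sender": "newsletter@vendor.example",
     "verdict": "false_positive", "actions": []},
]


@dataclass
class Alert:
    sender: str
    recipient: str
    url: str
    attachment_hash: str


@dataclass
class IncidentRecord:
    """What the analyst opens: alert plus gathered context, priority and proposals."""
    alert: Alert
    context: Dict[str, object] = field(default_factory=dict)
    priority: str = "low"
    proposed_actions: List[str] = field(default_factory=list)
    status: str = "pending_review"


def enrich(record: IncidentRecord) -> IncidentRecord:
    """Contextualization step: attach reputation data and comparable past cases."""
    a = record.alert
    record.context["url_reputation"] = URL_REPUTATION.get(a.url, "unknown")
    record.context["attachment_reputation"] = REPUTATION_CACHE.get(a.attachment_hash, "unknown")
    record.context["prior_incidents"] = [i for i in INCIDENT_HISTORY if i["sender"] == a.sender]
    return record


def prioritize(record: IncidentRecord) -> IncidentRecord:
    """Prioritization step: a simple additive score over the gathered context."""
    ctx = record.context
    prior = ctx["prior_incidents"]
    score = 0
    if ctx["url_reputation"] == "phishing":
        score += 2
    if ctx["attachment_reputation"] == "malicious":
        score += 2
    if any(i["verdict"] == "true_positive" for i in prior):
        score += 1  # this sender has hurt us before
    if prior and all(i["verdict"] == "false_positive" for i in prior):
        score -= 1  # history says this sender is benign noise
    record.priority = "high" if score >= 3 else "medium" if score >= 1 else "low"
    return record


def propose_actions(record: IncidentRecord) -> IncidentRecord:
    """Codified playbook: map findings to containment actions, none executed yet."""
    ctx, a = record.context, record.alert
    if ctx["url_reputation"] == "phishing":
        record.proposed_actions.append(f"block_url:{a.url}")
    if ctx["attachment_reputation"] == "malicious":
        record.proposed_actions.append(f"quarantine_attachment:{a.attachment_hash}")
    if record.priority == "high":
        record.proposed_actions.append(f"reset_password:{a.recipient}")
    return record


def run_playbook(alert: Alert) -> IncidentRecord:
    """Everything that is done before the analyst ever opens the record."""
    return propose_actions(prioritize(enrich(IncidentRecord(alert))))


def approve(record: IncidentRecord, analyst: str) -> List[str]:
    """Human gate: the analyst oversees and signs off; only then are actions released."""
    record.status = f"approved_by:{analyst}"
    return list(record.proposed_actions)


if __name__ == "__main__":
    rec = run_playbook(Alert("billing@attacker.example", "user@corp.example",
                             "http://invoice-login.example", "sha256:PLACEHOLDER_HASH_A"))
    print(rec.priority, rec.proposed_actions, rec.status)
    print(approve(rec, "analyst.jane"), rec.status)
```

The point of the shape is that `run_playbook` leaves the record in `pending_review` with its proposals attached: the automation does the copying, looking up and scoring, while the decision to block, quarantine or reset stays with a named analyst via `approve`, which is also where an audit trail would be written in a real deployment.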


        34 CYBER DEFENSE MAGAZINE – ANNUAL GLOBAL PRINT EDITION 2018  – SPONSORED BY TREND MICRO