Page 207 - Cyber Defense eMagazine June 2024
Balancing SOAR in a Dynamic Cyber Landscape
Implementing SOAR solutions presented inherent complexities, largely due to the need for continuous
adjustment to meet the vast and evolving cyber challenges organizations face. As new partners and
security solutions are added to the organization, not only does the threat landscape expand, but so
does the way in which automation responds to these new adjustments. This raises the question: how
do you keep an up-to-date security posture if you don’t have full insight into the inner workings of your
business environment?
With this skepticism towards full automation, a nuanced market emerged, one that prioritizes security
solutions capable of identifying gaps beyond mere log analysis. Modern expectations extend to
automation driven by machine learning, offering not just step-by-step playbooks but also the flexibility for
customers to engage directly with the remediation process. This approach must be intuitive enough for
security analysts to navigate effectively, blending automated efficiency with human judgment.
Rethinking Automation and Building (Human) Trust
The distinction between "automated remediation" and "automatic remediation" has become central to
understanding market dynamics. Customers are looking for solutions that provide the scaffolding for
automation but leave room for human intervention and decision-making. Furthermore, the demand for
open systems, accessible via API for those with the technical prowess, underscores a desire for flexibility
and control over automated processes. The key here is adding some sort of human element, because
without it automation can’t be fully trusted.
The narrative around full automation in cybersecurity has often been romanticized, painting a picture of
a self-sufficient, self-correcting system capable of managing security threats without human intervention.
However, this overlooks a fundamental aspect of technology adoption: trust. Trust in technology is not a
given; it must be earned and maintained through transparency, reliability, and the ability to intervene
when necessary. As we move forward, the challenge for vendors and cybersecurity professionals will be
to continue refining these technologies, ensuring they are not only effective and efficient but also
trustworthy and adaptable to meet the organization’s needs and the threats posed.
About the Author
Oren Koren is the Co-Founder and Chief Product Officer of Veriti. Oren brings
19 years of experience in cybersecurity, advanced threat analysis, and product
management. Prior to founding Veriti, Oren was a Senior Product Manager at
Check Point Software Technologies, where he led AI-based innovations and
advanced data analytics projects redefining threat hunting and SIEM
applications. Before Check Point, Oren served for 14 years at the prestigious
8200 unit and was responsible for different cybersecurity activities and research.
Oren won the Israeli Security Award and 3 MOD awards for cutting-edge innovations in cyber security.
Oren can be reached at our company website https://veriti.ai/
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.