Security Consoles Running Amok? SOAR Above The Fray
Sometimes it seems as if there’s a security solution for every attack, and as attacks multiply, so does the number of security consoles that need tending in the corporate datacenter. From IDS and IPS to SIEM, data loss prevention and antivirus, companies today have so many security solutions in play that they’re having trouble keeping this whole acronym salad properly tossed. The Internet of Things takes these issues to a whole new level: billions of devices make for an enormous attack surface that will doubtless attract a wave of new attacks.
Today’s security operations centers (SOCs) typically have dozens of security tools to detect, investigate and remediate threats. More often than not, these tools don’t talk to one another, requiring security teams to navigate multiple screens and learn a variety of systems to do their jobs, and communication among team members isn’t always as good as it should be.
How to stop the sprawl? Security Orchestration, Automation and Response (SOAR) platforms tame the chaos. A SOAR platform connects and integrates otherwise disparate security tools and processes: it pulls alerts from many different systems into one place, normalizes them into a common format, and runs them through playbooks that decide what happens next. By orchestrating inputs this way, security teams work from a single queue instead of a dozen consoles, which streamlines both monitoring and remediation.
There are a number of companies in the SOAR space, including Demisto, IBM, Rapid7, Siemplify, Splunk and Swimlane. A SOAR platform typically comes with plug-ins or APIs to integrate individual security tools under one umbrella. While there’s no substitute for pinpoint monitoring for malware and cyberattacks, SOAR platforms can integrate inputs from many discrete tools and then take response actions automatically, such as blocking an indicator or isolating a host. In practice those actions should be gated by playbook rules, and disruptive steps should require analyst approval so that a single noisy sensor cannot take production systems offline. Simply put, a SOAR platform allows security administrators to see more of the whole picture.
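To make the orchestration idea concrete, here is a small SOAR-style playbook written for this article; it is an added illustration, not code from any of the vendors named above. It normalizes constructed sample alerts from three hypothetical tools (an IDS, an EDR agent and a SIEM, each with its own field names), correlates them by the affected IP address, and decides on an action. Containment is only executed when an approval flag is set; otherwise it is recorded as pending. All field names, thresholds and the sample alerts are assumptions for the example.

```python
"""Minimal SOAR-style playbook: normalize, correlate, decide, gate containment."""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed sample alerts in the (hypothetical) native formats of three tools.
RAW_ALERTS = [
    {"source": "ids", "sig_name": "ET TROJAN Beacon", "src_ip": "10.1.2.3", "priority": 1},
    {"source": "edr", "hostname": "ws-042", "ip": "10.1.2.3",
     "detection": "credential dumping", "score": 85},
    {"source": "siem", "rule": "Brute force SSH", "host": "10.1.2.3", "sev": "medium"},
    {"source": "ids", "sig_name": "ET POLICY DNS query", "src_ip": "10.1.9.9", "priority": 3},
]


@dataclass
class Alert:
    source: str
    asset: str      # IP address, used as the correlation key
    title: str
    severity: int   # normalized to a 0-100 scale


def normalize(raw: dict) -> Alert:
    """One 'connector' per tool: map each tool's fields onto the common Alert shape."""
    src = raw["source"]
    if src == "ids":
        # Assumed IDS convention: priority 1 is most severe, 3 is least.
        return Alert("ids", raw["src_ip"], raw["sig_name"], {1: 90, 2: 60, 3: 30}[raw["priority"]])
    if src == "edr":
        return Alert("edr", raw["ip"], raw["detection"], raw["score"])
    if src == "siem":
        return Alert("siem", raw["host"], raw["rule"], {"low": 30, "medium": 60, "high": 90}[raw["sev"]])
    raise ValueError(f"no connector for source {src!r}")


def correlate(alerts: Iterable[Alert]) -> Dict[str, List[Alert]]:
    """Group alerts by asset so evidence from different tools lands in one case."""
    groups: Dict[str, List[Alert]] = {}
    for a in alerts:
        groups.setdefault(a.asset, []).append(a)
    return groups


def decide(group: List[Alert]) -> str:
    """Playbook logic: corroborated high severity is contained, the rest is triaged or logged."""
    sources = {a.source for a in group}
    peak = max(a.severity for a in group)
    if peak >= 80 and len(sources) >= 2:
        return "isolate_host"   # two independent tools agree on a severe finding
    if peak >= 60:
        return "open_ticket"    # needs an analyst to look at it
    return "log_only"


def run_playbook(raw_alerts: Iterable[dict], approve_containment: bool = False) -> Dict[str, str]:
    """Run the full pipeline; disruptive actions wait for approval unless explicitly granted."""
    groups = correlate(normalize(r) for r in raw_alerts)
    results: Dict[str, str] = {}
    for asset, group in groups.items():
        action = decide(group)
        if action == "isolate_host" and not approve_containment:
            action = "isolate_host_pending_approval"
        results[asset] = action
    return results


if __name__ == "__main__":
    for asset, action in run_playbook(RAW_ALERTS).items():
        print(f"{asset}: {action}")
```

The point of the example is the shape, not the thresholds: each tool gets a small connector, correlation happens on a shared key, and the decision step is the only place that needs to know about all of them. Swapping a tool means rewriting one connector, not the playbook.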