SOAR: Doing More with Less
The security orchestration, automation and response model has many benefits, including some that are unintended.
Security teams in every industry and vertical face a common set of challenges: defending against an endless stream of cyberattacks, managing too many security tools, coping with overwhelming workloads, and a shortage of skilled security analysts. Most enterprises try to solve these challenges the old-fashioned way — by adding more tools and hoping they deliver on their promises.
Progressive enterprises are adopting a new approach, called Security Orchestration, Automation and Response (SOAR), that focuses on making existing technologies work together to align and automate processes. SOAR also frees security teams to focus on mitigating active threats instead of wasting time investigating false positives and performing routine tasks manually.
What is SOAR?
SOAR enables security operations centers (SOCs), computer security incident response teams (CSIRTs) and managed security service providers (MSSPs) to work faster and more efficiently.
Security Orchestration connects disparate security systems as well as complex workflows into a single entity, for enhanced visibility and to automate response actions. Orchestration can be accomplished between security tools via integration using APIs to coordinate data alert streams into workflows.
Automation, meanwhile, executes multiple processes or workflows without the need for human intervention. It can drastically reduce the time it takes to execute operational workflows, and enables the creation of repeatable processes and tasks.
Instead of performing repetitive, low-level manual actions, security analysts can concentrate on investigating verified threats that require human analysis.
Some SOAR approaches even use machine learning to recommend actions based on the responses used in previous incidents.
Three elements make up a successful SOAR implementation:
Collaboration - essential for creating efficient communication flows and knowledge transfer across security teams.
Incident Management - ideally, a single platform will process all inputs from security tools providing decision-makers with full visibility into the incident management process.
Dashboards and Reporting - provide a comprehensive view of an enterprise's security infrastructure as well as detailed information for any incident, event, or case.
One of the primary benefits of SOAR is its flexibility. It can be used to unify operations across an enterprise's entire security ecosystem, or as a vertical solution integrated within an existing product.
For example, one of the most popular product categories for this kind of vertical implementation is Security Information and Event Management (SIEM), primarily because SOAR within a SIEM can have broad applicability across a wide range of processes. In contrast, when SOAR is implemented within other product areas, such as Threat Intelligence, it tends to have a more limited scope.
Initially, SOAR was designed for use by SOCs. However, as the approach matured and proved its benefits, other groups adopted it, including managed security service providers (MSSPs) and computer security incident response teams (CSIRTs). More recently, financial fraud and physical security teams have also turned to SOAR.
Top Five SOAR Benefits
Arguably, the most powerful benefit of SOAR is its ability to integrate with just about any security process or tool already in use — and to enhance the performance and usefulness of each. Tight integration improves the efficiency of security teams to detect and remediate threats and attacks. It provides a single 'pane of glass' into asset databases, helpdesk systems, configuration management systems, and other IT management tools.
SOAR arms security teams with the ability and intelligence to react faster and more decisively to a threat or attack by unifying information from multiple tools and creating a single version of the truth.
Security teams waste an inordinate amount of time and energy dealing with false positives, since there are so many of them generated each day. SOAR automates the triage and assessment of low-level alerts, freeing staff to focus their attention where it is really needed.
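To make the orchestration, automation and triage ideas above concrete, here is a small playbook added for this article (it is not DFLabs code or any vendor's product). It assumes two constructed alert feeds with made-up schemas (an EDR and a SIEM), a hypothetical asset-database allowlist of hosts authorised to run scans, and shows the three things a SOAR playbook does: normalise alerts from disparate tools, auto-close expected low-severity noise, and group the rest into per-host cases while logging every automated decision for analyst review.

```python
from dataclasses import dataclass

# Constructed sample alerts from two tools with different schemas (made up).
EDR_ALERTS = [
    {"id": "edr-1", "host": "ws-042", "sev": 2, "rule": "powershell_encoded"},
    {"id": "edr-2", "host": "scan-01", "sev": 1, "rule": "port_scan"},
]
SIEM_EVENTS = [
    {"event_id": "siem-9", "src": "scan-01", "priority": "low", "signature": "port_scan"},
    {"event_id": "siem-10", "src": "db-07", "priority": "high", "signature": "lateral_movement"},
]
# Hypothetical asset-database enrichment: hosts authorised to run scans.
KNOWN_SCANNERS = {"scan-01"}

@dataclass(frozen=True)
class Alert:
    id: str
    host: str
    severity: int  # normalised 1 (low) .. 3 (high) across tools
    rule: str

def normalize_edr(a: dict) -> Alert:
    return Alert(a["id"], a["host"], a["sev"], a["rule"])

def normalize_siem(e: dict) -> Alert:
    sev = {"low": 1, "medium": 2, "high": 3}[e["priority"]]
    return Alert(e["event_id"], e["src"], sev, e["signature"])

def triage(alerts: list[Alert]) -> dict:
    """Auto-close expected noise, group the rest into per-host cases,
    and record every automated decision so analysts can audit it."""
    result = {"closed": [], "escalated": [], "cases": {}, "audit": []}
    for a in sorted(alerts, key=lambda x: -x.severity):  # high severity first
        if a.severity == 1 and a.rule == "port_scan" and a.host in KNOWN_SCANNERS:
            result["closed"].append(a.id)
            result["audit"].append(f"{a.id}: auto-closed, {a.host} is a known scanner")
            continue
        result["cases"].setdefault(a.host, []).append(a.id)
        result["escalated"].append(a.id)
        result["audit"].append(f"{a.id}: escalated to case {a.host} (sev {a.severity})")
    return result

def run_playbook() -> dict:
    alerts = [normalize_edr(a) for a in EDR_ALERTS] + [normalize_siem(e) for e in SIEM_EVENTS]
    return triage(alerts)

if __name__ == "__main__":
    for line in run_playbook()["audit"]:
        print(line)
```

The auto-close rule is deliberately narrow (one signature, one severity, an explicit allowlist); a real playbook should keep such rules tightly scoped and auditable so that automation never silently discards a genuine alert.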
Security staff spend way too much time on menial tasks such as updating firewall rules, adding new users to the network, and removing those who have left the company. SOAR virtually eliminates such time-consuming, repetitive functions.
Although cutting costs is rarely a driving factor for adopting SOAR, it often delivers this additional benefit by improving efficiencies and staff productivity.
Unifying existing security tools and making them work together, rather than in silos, delivers greater visibility into threats. Implementing a SOAR model can provide the glue to make this security intelligence actionable, using repeatable processes for faster incident response that does not require adding more resources.
About the Author: Michele Zambelli has more than 15 years of experience in security auditing, forensics investigations and incident response. He is CTO at DFLabs, where he is responsible for the long-term technology vision of its security orchestration, automation and response platform, managing R&D and coordinating worldwide teams.