Implementing a security orchestration, automation and response (SOAR) tool is a crucial capability for security operations teams that want to perform incident response effectively. Security event volume continues to grow rapidly, and the right technology components need to be in place to set an organisation up for success.
A security information and event management (SIEM) is that central building block needed to get the most out of a SOAR tool. These two security tools offer complementary capabilities that are essential to keep pace with ever-increasing and more sophisticated threats.
It is important for organisations that may be deciding when or how to implement either of these tools to understand the differences and benefits of each prior to making strategic decisions.
A SIEM tool is primarily used to aggregate and correlate an organisation's event data in a central location. It allows security engineers to configure rule sets and thresholds that generate alerts only on the most meaningful and high-risk events, based on each organisation's unique risk profile. SIEM tools parse very large volumes of data to reduce noise and filter it down to the subset of events that requires further investigation and action.
A SOAR tool, on the other hand, is used to link disparate tools across an organisation’s IT infrastructure to orchestrate or automate response actions based on predefined workflows or “playbooks.”
SOAR capabilities enable security teams with fixed resources to scale to meet the demands of higher event volume through increased automation capabilities. Traditionally manual processes such as configuration updates, rule changes or other steps can now be executed in a partially automated or fully automated manner in response to specific event types.
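The following Python sketch is an added illustration of the two roles described above, not code from the article or from any SIEM or SOAR product. The log lines are constructed, the `FirewallClient` class and `INTERNAL_NETS` range are hypothetical stand-ins for a real firewall API and asset inventory, and the rule threshold and window are arbitrary. The first half does what a SIEM does (normalise raw events, apply a threshold-based correlation rule); the second half does what a SOAR playbook does (enrich the alert with context from the wider event set, then either act automatically or hand off to a human for approval).

```python
"""SIEM-style correlation feeding a SOAR-style playbook (illustrative only)."""
import ipaddress
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample sshd log lines; not captured from any real system.
SAMPLE_LOGS = """\
2020-12-10T10:00:01Z sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
2020-12-10T10:00:03Z sshd[1201]: Failed password for root from 203.0.113.7 port 51235 ssh2
2020-12-10T10:00:04Z sshd[1201]: Failed password for root from 203.0.113.7 port 51236 ssh2
2020-12-10T10:00:06Z sshd[1201]: Failed password for root from 203.0.113.7 port 51237 ssh2
2020-12-10T10:00:09Z sshd[1201]: Failed password for root from 203.0.113.7 port 51238 ssh2
2020-12-10T10:00:10Z sshd[1201]: Failed password for alice from 198.51.100.9 port 40001 ssh2
2020-12-10T10:00:12Z sshd[1201]: Accepted password for alice from 198.51.100.9 port 40002 ssh2
2020-12-10T10:00:15Z sshd[1201]: Failed password for root from 203.0.113.7 port 51239 ssh2
2020-12-10T10:05:00Z sshd[1201]: Failed password for root from 203.0.113.7 port 51240 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Hypothetical internal address space used for enrichment (assumption).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass
class Event:
    ts: datetime
    outcome: str
    user: str
    src: str


def parse(raw):
    """SIEM ingestion step: normalise raw log lines into structured events."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a production SIEM would count or flag unparsed lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, m["outcome"], m["user"], m["src"]))
    return events


def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """SIEM correlation rule: >= threshold failed logins from one source inside a
    sliding time window raises one alert per source (on the first trip only)."""
    recent = defaultdict(deque)  # src -> timestamps of recent failures
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.outcome != "Failed":
            continue
        q = recent[ev.src]
        q.append(ev.ts)
        while q and ev.ts - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and ev.src not in alerted:
            alerted.add(ev.src)
            alerts.append({"rule": "ssh_bruteforce", "src": ev.src,
                           "count": len(q), "last_seen": ev.ts})
    return alerts


class FirewallClient:
    """Hypothetical stand-in for a vendor firewall API (assumption)."""
    def __init__(self):
        self.blocked = []

    def block(self, ip):
        self.blocked.append(ip)


def run_playbook(alerts, events, firewall, auto_block=True):
    """SOAR playbook: enrich each SIEM alert with context, then route it to a
    fully automated action or to a ticket that a human must approve."""
    actions = []
    for alert in alerts:
        src = ipaddress.ip_address(alert["src"])
        internal = any(src in net for net in INTERNAL_NETS)
        # Enrichment drawn from the SIEM's wider event set, not just the alert:
        # has this source ever authenticated successfully?
        succeeded = any(e.src == alert["src"] and e.outcome == "Accepted"
                        for e in events)
        if internal or succeeded or not auto_block:
            reason = ("internal" if internal else
                      "prior_success" if succeeded else "manual_mode")
            actions.append({"src": alert["src"],
                            "action": "ticket_for_approval", "reason": reason})
        else:
            firewall.block(alert["src"])  # fully automated response
            actions.append({"src": alert["src"], "action": "blocked",
                            "reason": "external_bruteforce"})
    return actions


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    found = correlate(evs)
    fw = FirewallClient()
    print(found, run_playbook(found, evs, fw), fw.blocked)
```

Running it yields one alert for 203.0.113.7 (five failures within eight seconds; the later failures do not re-alert, and the 10:05 attempt is outside the window) and no alert for 198.51.100.9, whose single failure is followed by a success. The playbook blocks the external source automatically; passing `auto_block=False` shows the partially automated path, where the same alert becomes a ticket for approval instead. The point the article makes is visible in `run_playbook`: the enrichment step depends on the full event set the SIEM holds, which a SOAR tool wired directly to individual sensors would not have.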
SIEM technology is absolutely essential to a security programme. It is that foundational building block that other tools can integrate with and truly elevate incident response capabilities to the next level.
For an organisation to derive the greatest benefits from a SOAR implementation, it should be done after a well-tuned SIEM tool is in place. Existing event aggregation and correlation by the SIEM tool provides a mechanism for the SOAR component to facilitate actions with greater automation based on the full scope of security events from the organisation.
When SOAR functions are implemented without a SIEM, some siloed automation may be performed in conjunction with tool integration, but the additional event context produced from a SIEM is going to be missing. Without SIEM functionality, the full benefits from implementing a SOAR tool will not be realised.
SOAR capability can elevate security programmes to that next level of operational efficiency when built on SIEM technology. However, technology alone cannot transform an organisation; it will only serve as a conduit for greater efficiencies and enable teams to do more with less.
To make the most out of a SOAR tool investment, senior leaders should consider the following:
Security tools can provide immense benefits, but without proper planning and operational structure within an organisation, the full benefits may not be realised. The prospect of greater security insight, along with orchestration and automation to keep pace with evolving threats and protect sensitive data, may be all the incentive needed to get the most out of new security tools.
All Rights Reserved, Copyright 2000 – 2020, TechTarget