SOARX: Security Orchestration, Automation & Response

SOARX, Mitigating Threats

Threats to organisations are coming thick and fast from a variety of different directions, and often businesses do not have adequate, or up-to-date, solutions to mitigate them.

Many find themselves with layered security systems: multiple products, each with its own data, all trying to work in sync with one another, the result of adopting the latest software packages one at a time with little holistic forethought.

This commonly seen situation is far from ideal, and now, more than ever, there is a definite need for a system that can look at the complete structure: one that can drill through the layers and unify the threats into a single view. It should have the built-in ability to take appropriate action, based on the business dynamics relevant to the threat, stopping the attack before it happens.

Gartner was the first to define SOAR as Security Orchestration, Automation and Response. Solutions should provide three core functions: Orchestration and Automation, which together enable Response, as well as Measurement.

They explained, “SOAR solutions are gaining visibility and real-world use, driven by early adoption, to improve security operations centres. Security and risk management leaders should start to evaluate how these solutions can support and optimise their broader security operations capabilities.”

SOARX is such a solution. It provides central management for security orchestration, automation and response, and goes beyond existing SOAR offerings through its ability to fully manage, monitor, automate and orchestrate complex network and security ecosystems from a single pane of glass. This covers not only known applications and devices but also custom-built applications, legacy devices, and cloud-based services, both public and private.

Applying business logic to the findings of the system enables proactive action to be taken, linked to the level of threat on a particular application or device. Take a reservations system, for example: a threat to the bookings system can be graded so that a low-level threat does not cause the system to be taken offline, which would otherwise result in lost revenue. Old-style Intrusion Prevention Systems (IPS) are unable to do this, as they only have an on/off approach.

Furthermore, in scenarios such as the one above, SOARX can feed an existing support ticketing system to make the wider management team aware of a critical incident. From that ticket, SOARX could be instructed to take automated action, or the ticket could be passed to a technician to deal with the situation.
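The graded, asset-aware response and the ticket hand-off described in the two paragraphs above, as an added illustration written for this page (not SOARX's own code): the per-asset outage threshold, the score bands, the asset names and the sample findings are all constructed assumptions, and the legacy function stands in for the on/off IPS behaviour.

```python
from dataclasses import dataclass
from enum import IntEnum

class Action(IntEnum):           # ordered least -> most disruptive
    MONITOR = 0
    RATE_LIMIT = 1
    BLOCK_SOURCE = 2
    TAKE_OFFLINE = 3

@dataclass(frozen=True)
class Asset:
    revenue_bearing: bool        # outage directly loses revenue (e.g. bookings)
    offline_threshold: float     # threat score (0-100) at which an outage is acceptable

@dataclass(frozen=True)
class Finding:
    asset: str
    threat_score: float          # 0-100, as produced by an upstream detection tool
    source: str

def legacy_ips_decision(finding, block_at=50.0):
    # On/off behaviour: one fixed score decides whether the whole service is cut.
    return Action.TAKE_OFFLINE if finding.threat_score >= block_at else Action.MONITOR

def graded_decision(finding, asset):
    # Least disruptive action the score justifies; the outage bar is set per asset.
    score = finding.threat_score
    if score >= asset.offline_threshold:
        action = Action.TAKE_OFFLINE
    elif score >= 70:
        action = Action.BLOCK_SOURCE
    elif score >= 40:
        action = Action.RATE_LIMIT
    else:
        action = Action.MONITOR
    # Route: reversible containment runs automatically; an outage of a
    # revenue-bearing service is ticketed to a technician for approval instead.
    if action == Action.TAKE_OFFLINE and asset.revenue_bearing:
        return action, "technician"
    return action, "auto" if action > Action.MONITOR else "none"

def triage(findings, assets):
    # One ticket record per finding that needs more than monitoring.
    return [{"asset": f.asset, "source": f.source, "action": a.name, "route": r}
            for f in findings for a, r in [graded_decision(f, assets[f.asset])]
            if a > Action.MONITOR]

# Constructed sample data: the bookings system earns revenue, so its outage
# threshold is far higher than the internal wiki's. Sources use RFC 5737 ranges.
ASSETS = {"bookings": Asset(True, 95.0), "staff-wiki": Asset(False, 60.0)}
FINDINGS = [Finding("bookings", 55.0, "203.0.113.7"), Finding("bookings", 97.0, "198.51.100.3"),
            Finding("staff-wiki", 65.0, "203.0.113.9"), Finding("bookings", 10.0, "192.0.2.4")]
```

With these inputs the first bookings finding is rate-limited automatically, whereas the on/off IPS rule would have taken the whole bookings system offline at the same score.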

Using the platform for the migration of systems and devices is another benefit. Switching from one load-balancing vendor to another is normally complicated and fraught with potential errors and downtime, but with a SOARX approach, configurations can be replicated whilst both systems are in place and working together. Once the new system is deployed and signed off, the old system can be taken offline by SOARX in a controlled way.

This type of system is truly able to manage complex networks of systems and applications. It is not bound by 'standard' communications but is a truly multilingual, multi-disciplined platform that gives organisations a much greater view of their world and lets them make decisions based on real information, not speculation.

When considering SOARX, it is critical to begin by identifying the gaps in the current security program that you are trying to solve. Are you trying to better orchestrate and automate your disparate security technologies? Are you trying to better define your security workflow? Are you seeking a solution that provides better incident management capabilities?

Once the core target problems have been documented, it is possible to identify the processes to be performed by SOARX. It is critical to confirm that each process can be performed in the desired manner.

Additionally, any integrations with existing tools and technologies that may be needed should be identified and categorised as either 'must-haves' or 'nice-to-haves'.

SOARX will increase the effectiveness and efficiency of the overall security program. Return on investment (ROI) is critical, and SOARX has an inbuilt ROI calculator to identify the cost savings the system is creating. It is important to keep in mind that the focus of automation should be on supporting people, processes and force multiplication, not on replacing analysis.

For organisations that find themselves with a complex web of differing security packages, and the expense and manpower necessary to maintain them, SOARX is really a 'no-brainer'!

