SOAR-A Love Story - Ethan Packard.pptx

Slide 1: Fortify YOUR Defense with CyberSponse Adaptive Security
Slide 2: What is Security Orchestration, Automation & Response? Why do I care or need it?
Slide 3: What are the key things Security Teams should look to automate?

Example alert flow: Multiple Login Attempts -> Auth Events -> SIEM Rules -> Alert
Mission: Block Malicious Intent or Close as False Positive

Questions the analyst must answer for every alert:
  Source:   Who is it? Geolocation? Reputation? Threat Intel?
  Target:   Which asset? Owner? Cause? Who else?
  Response: Block IP, Disable Account, Patch Vulnerability

Per alert today: TTR 12 mins? Status: False Positive? Next: 100+ alerts in queue
  • 3+ Security Tools
  • 3+ Security Staff

What are the key elements needed to be ready for SOAR?
  • Email Phishing
  • Endpoint Infections
  • Hunt, Block & Tackle
  • Incident Response
Slide 4: Challenges that SOAR Solves in the Current Environment

Alert Fatigue | Slow Response Times | Lack of Collaboration

Challenges
  • Alert Overload
  • Lenient Rules > False Positives > Alert Fatigue
  • Strict Rules > True Negatives > Weak Security
  • Multiple, Disintegrated Tools
    Fact: You could easily have 18 to 25 products to deal with
    Question: How many SIEMs or firewalls can you learn?
  • Manual and inconsistent responses cause a weak security posture

Solution: SOAR augments the human analyst
A Single Pane of Glass to manage all activities of the SOC
  • Measure and Boost SOC Efficiency
  • Deliver consistent investigation and response
  • Leverage automation without programming skills

Salient Features and Use Cases
  • Integrated with the SIEM to receive, respond to and close the alert
  • Automated Triage, Enrichment, Investigation and Remediation
  • Investigations for Phishing, C&C, Data Exfiltration etc.
  • Automated Remediation with human approval
  • Integrations with 250+ products, 3000+ actions
Slide 5: SOARs Integrate Your SOC with Diverse Tools

Incident lifecycle handled through the platform: Ingest -> Triage -> Enrich -> Investigate -> Contain -> Remediate
  • 250+ Connectors, 3000+ Actions
Slide 6: Why You Want an Incident Response and Automation Platform

SOAR Platform

Incident Response Platform
  • Highly Configurable
  • Role-based Access
  • Multi-Tenant
  • Case Management

Orchestration & Automation
  • Playbooks
  • Connectors/Integrations

Case Management
  • Highly configurable platform
  • Contextual Data Visualization
  • Build your own Modules

Automated Playbooks
  • Visual Playbook Designer
  • Out of Box Connectors
  • Real-Life Use Case Reference Content

Multi-Tenant
  • Distributed/Federated Architecture
  • Control Access to Data and Playbooks
Slide 7: SOARs Automate Information Flow & Incident Response

Inputs: SIEM Alerts, eMails, Other Alerts (EDR, IDS etc.) -> Integrations -> SOAR Alert Record -> Response Playbooks

Observe: Enriched contextual data from
  • Threat Intel,
  • Asset Management,
  • User Directory,
  • Historical Data
Orient: Gauge the Impact (the enriched record becomes Actionable Data)
Decide: Manual Decisions, Tasks, Approvals
Action:
  • Block URL, IP, Domain, File Hash
  • Disable User Account
  • Reset Password
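The Observe / Orient / Decide / Action flow above, applied to the "multiple login attempts" alert from slide 3, as an added illustration that is not code from the deck or from the CyOPs product. The threat-intel, asset, directory and incident-history lookups are constructed in-memory stand-ins for real connectors, the scoring thresholds are assumptions, and the approval gate models slide 4's "automated remediation with human approval".

```python
from dataclasses import dataclass, field

# Constructed stand-ins for the Threat Intel, Asset Management, User
# Directory and Historical Data sources a real SOAR would reach via connectors.
THREAT_INTEL = {
    "198.51.100.7": {"reputation": "malicious", "geolocation": "XX"},
    "10.0.4.22": {"reputation": "internal", "geolocation": "office"},
}
ASSETS = {
    "vpn-gw-01": {"owner": "it-ops", "criticality": "high"},
    "print-srv-03": {"owner": "facilities", "criticality": "low"},
}
USER_DIRECTORY = {"jdoe": {"department": "finance", "usual_geolocation": "office"}}
HISTORICAL_INCIDENTS = {"jdoe": 2}  # prior confirmed incidents per user

# Actions with enough blast radius that the playbook holds them for a
# human approval instead of running them automatically (assumed policy).
APPROVAL_REQUIRED = {"disable_account", "reset_password"}


@dataclass
class Alert:
    source_ip: str
    target_asset: str
    user: str
    failed_logins: int


@dataclass
class AlertRecord:
    alert: Alert
    context: dict = field(default_factory=dict)
    impact: int = 0
    verdict: str = "open"
    proposed: list = field(default_factory=list)
    executed: list = field(default_factory=list)
    pending_approval: list = field(default_factory=list)


def observe(alert):
    """Observe: enrich the alert with source, target and user context."""
    return {
        "source": THREAT_INTEL.get(alert.source_ip, {"reputation": "unknown", "geolocation": "unknown"}),
        "asset": ASSETS.get(alert.target_asset, {"owner": "unknown", "criticality": "unknown"}),
        "user": USER_DIRECTORY.get(alert.user, {}),
        "prior_incidents": HISTORICAL_INCIDENTS.get(alert.user, 0),
    }


def orient(alert, ctx):
    """Orient: gauge impact as an additive score over the enriched context."""
    score = 0
    if ctx["source"]["reputation"] == "malicious":
        score += 50
    if ctx["source"]["geolocation"] != ctx["user"].get("usual_geolocation"):
        score += 20  # login from somewhere this user is not known to log in from
    if ctx["asset"]["criticality"] == "high":
        score += 20
    if alert.failed_logins >= 10:
        score += 10
    return score + min(ctx["prior_incidents"], 3) * 5


def decide(score):
    """Decide: map the impact score to a verdict and the actions to propose."""
    if score < 30:
        return "closed_false_positive", []
    if score < 70:
        return "suspicious", ["block_ip"]
    return "malicious", ["block_ip", "disable_account", "reset_password"]


def act(record, approvals):
    """Action: run auto-safe actions now; queue the rest for human approval."""
    for action in record.proposed:
        if action in APPROVAL_REQUIRED and action not in approvals:
            record.pending_approval.append(action)
        else:
            record.executed.append(action)  # a real connector call goes here


def run_playbook(alert, approvals=frozenset()):
    """Full playbook run; 'approvals' holds actions an analyst has signed off."""
    record = AlertRecord(alert=alert)
    record.context = observe(alert)
    record.impact = orient(alert, record.context)
    record.verdict, record.proposed = decide(record.impact)
    act(record, approvals)
    return record
```

Re-running the playbook with an approval set containing `disable_account` moves that action from `pending_approval` to `executed`, which is the approve-then-remediate loop the Decide step describes.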
Slide 8: How to Obtain a Security Operations ROI with SOAR

Cost Savings vs. Threat Window

| Mode           | Time to Complete per Incident | Weekly Incidents | Time Spent Annually (Hours) | Time Savings (Hours) | Time Savings (%) | Cost Savings ($150/h) |
|----------------|-------------------------------|------------------|-----------------------------|----------------------|------------------|-----------------------|
| Manual         | 45 minutes                    | 50               | 390                         | 0                    | 0%               | $0.00                 |
| Semi-Automated | 22 minutes                    | 75               | 190                         | 200                  | 75%              | $180,000              |
| Automated      | 1.4 minutes                   | 100              | 12                          | 378                  | 98%              | $472,800              |

MANAGE ALERTS | FASTER RESPONSE | INCREASE MORALE
Slide 9: Explore CyOPs™ Community Edition

Solutions: SOC Automation, Vulnerability Management and BYOS
Manage:    Alerts, Incidents, Indicators, Tasks across Tenants
Measure:   MTTD, MTTR, ROI, Reports, Dashboards
Respond:   Automate, Visual Playbook Designer, Out of Box Connectors

Reach us at Sales@CyberSponse.com

Editor's Notes

  1. Audience questions: 1. How many Alerts