Insight into SOAR
•Download as PPTX, PDF•
0 likes•772 views
This presentation showcased live during the DNIF KONNECT meetup on 19th December 2019. We have our presenter: Ruchir Shah- Account Manager at DNIF, walk us through the importance of SOAR Some key points discussed during the meetup: -Understand, what is SOAR. -The problems a SOAR solution solves. -Real-time demo by DNIF expert on SOAR. Watch the full presentation here: https://www.youtube.com/watch?v=bCp-WAs6w5I
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Insight into SOAR
Similar to Insight into SOAR (20)
More from DNIF
More from DNIF (16)
Recently uploaded
Recently uploaded (20)
Insight into SOAR
- 2. ● What is SOAR? ● What does a SOAR consist of? ● What can you integrate in a SOAR platform? ● Problems in today’s SOC ● Benefits of SOAR in a SOC ● Business Case for a SOAR ● Standalone SOAR vs SIEM+SOAR? ● SOAR in action Topics to be covered
- 3. ● SOAR stands for Security Orchestration, Automation and Response. ● SOAR term coined by Gartner. ● Capability of a SOAR Platform(not restricting to): ○ Threat and Vulnerability Management ○ Incident Response ○ Security Operations Automation What is SOAR?
- 4. ● Fetching the relevant log data ● Performing a lookup function using threat intelligence ● Perform remediation action ● Easy reporting & Case Management ● All the steps mentioned above constitute a Security Playbook. What does a SOAR consist of?
- 5. ● Threat Intelligence services ● ITSM tools ● Firewalls, Active Directory, EDR, DLP etc. i.e. Devices from your security stack ● IT applications What can you integrate in a SOAR platform?
- 6. . Bring down the workloads and shorten time to action at the SOC with SOAR* ENRICH VALIDATE RESPOND * Security Orchestration, Automation and Response (SOAR) SOAR Plugin Framework
- 7. . Correlate and connect the dots with a functional query language - DQL. DATASTORE QUERY FUNCTION Retrieve data from the distributed data structure. PROFILE LOOKUP Evaluate the outcome along with pre-populated references. CASE MANAGEMENT Group and manage threats in an organized manner using tickets. VALIDATE / RESPOND Integrate with third party tools and service providers to automate.
- 8. ● Too much involvement of an L1 Analyst. ● Alert Fatigue ● Slow response time= Difference between Mean Time To Detect(MTTD) and Mean Time to Respond(MTTR). ● Operational Inefficiencies ○ Lack of automated workflows ○ Manual reporting ○ Analysts spending time on finding alerts ○ Remediation process: Manual and ineffective ○ High Attrition rates Problems in today’s SOC
- 9. ● Automated countermeasures: Reduced dependency on an L1 Analyst. ● Better response times: Reducing it from hours to seconds. ● Increase in operational efficiency ○ Clearly defined approach to deal with multiple Security Use Cases. ○ Analysts spending time on finding alerts ○ Remediation process: Manual and ineffective Benefits of SOAR in a SOC
- 10. . Bring down the workloads and shorten time to action at the SOC with SOAR* * Security Orchestration, Automation and Response (SOAR) Threat handled and responded to without a SOC analyst getting involved 41% Time between detection and resolution of an attack 23s Of threats auto responded were found to be false positives 3%
- 11. ● Lesser investment to train Security Analysts. ● No manual playbooks ● Operations is key ● Better incident response ● Efficient SOC: More alerts, better approach Business Case for a SOAR
- 12. ● Standalone SOAR disadvantages: ○ Integration and maintainance ○ Training ○ Administration/Support ● SIEM+SOAR primary advantages: Single pane of glass, better ROI Standalone SOAR vs SIEM+SOAR
- 13. . THANK YOU FOR YOUR TIME Let’s Konnect! Email: ruchir.shah@dnif.it Phone: +919773064530