1
Fortify YOUR Defense with CyberSponse Adaptive Security
2
What is Security Orchestration, Automation & Response? Why do I care or need it?
3
Multiple Login Attempts > Auth Events > SIEM Rules > Alert
Mission: Block Malicious Intent or Close as False Positive

Source          Target      Response
Who is?         Asset?      Block IP
Geolocation?    Owner?      Disable Account
Reputation?     Cause?      Patch Vulnerability
Threat Intel?   Who else?

TTR: 12 Mins?   Status: False Positive?   Next: 100+ alerts in queue

What are the key things Security Teams should look to automate?
• Email Phishing
• Endpoint Infections
• Hunt, Block & Tackle
• Incident Response

What are the key elements needed to be ready for SOAR?
• 3+ Security Tools
• 3+ Security Staff
4
Challenges that SOAR Solves in Current Environment

Challenges: Alert Fatigue, Slow Response Times, Lack of Collaboration
 Alerts Overload
 Lenient Rules > False Positives > Alert Fatigue
 Strict Rules > False Negatives > Weak Security
 Multiple, Disintegrated Tools
 Fact: You would easily have 18 to 25 products to deal with
 Question: How many SIEMs or Firewalls can you learn?
 Manual and Inconsistent responses causing a weak security posture

Solution: SOAR augments the human analyst
Single Pane of Glass to manage all activities of the SOC
 Measure and Boost SOC Efficiency
 Deliver consistent investigation and response
 Leverage automation without programming skills

Salient Features and Use Cases
 Integrated with SIEM to receive, respond to and close the alert
 Automated Triaging, Enrichment, Investigation and Remediation
 Investigations for Phishing, C&C, Data Exfiltration etc.
 Automated Remediation with human approval
 Integrations with 250+ products, 3000+ actions
5
SOARs Integrate your SOC with diverse tools
Ingest > Triage > Enrich > Investigate > Contain > Remediate
 250+ Connectors, 3000+ Actions
6
Why you want an Incident Response and Automation Platform

SOAR Platform
Incident Response Platform
 Highly Configurable
 Role based Access
 Multi-Tenant
 Case Management
Orchestration & Automation
 Playbooks
 Connectors/Integrations
Case Management
 Highly configurable platform
 Contextual Data Visualization
 Build your own Modules
Automated Playbooks
 Visual Playbook Designer
 Out of Box Connectors
 Real-Life Use Case Reference Content
Multi Tenant
 Distributed/Federated Architecture
 Control Access to Data and Playbooks
7
SOARs Automate Information Flow & Incident Response

SIEM Alerts, eMails, Other Alerts (EDR, IDS etc.) > Integrations > SOAR Alert Record > Response Playbooks > Actionable Data

Response Playbooks
Observe: Enriched contextual data from
 Threat Intel
 Asset Management
 User Directory
 Historical Data
Orient: Gauge the Impact
Decide: Manual Decisions, Tasks, Approvals
Action:
 Block URL, IP, Domain, File hash
 Disable User Account
 Reset Password
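As an added example that is not part of the original deck and not CyberSponse/CyOPs code, the Python below runs the "multiple login attempts" alert from slide 3 through the Observe / Orient / Decide / Action loop of slide 7. Every enrichment source (threat intel, asset management, user directory, historical data) is a constructed in-memory stub, the IP addresses are constructed from documentation ranges, the impact weights and thresholds are assumptions, and remediation actions are only executed when an approver callback accepts them, mirroring the deck's "Automated Remediation with human approval".

```python
"""Toy SOAR playbook: slide 3's failed-login alert through slide 7's
Observe / Orient / Decide / Act loop. Added example; all connectors are
constructed stubs, not a real product API."""
from dataclasses import dataclass, field
from typing import Callable

# --- Observe: constructed enrichment sources standing in for real connectors ---
THREAT_INTEL = {"203.0.113.45": {"reputation": "malicious", "geo": "XX"},
                "198.51.100.7": {"reputation": "clean", "geo": "US"}}
ASSETS = {"fin-app-01": {"owner": "finance-ops", "criticality": 3},
          "dev-box-02": {"owner": "dev-team", "criticality": 1}}
USERS = {"jdoe": {"privileged": True, "status": "active"},
         "asmith": {"privileged": False, "status": "active"}}
HISTORY = {"203.0.113.45": 4, "198.51.100.7": 0}  # prior alerts from this source (constructed)


@dataclass
class Alert:
    rule: str
    source_ip: str
    target_user: str
    target_host: str
    failed_attempts: int


@dataclass
class Outcome:
    verdict: str          # "malicious", "false_positive" or "needs_review"
    impact: int
    context: dict
    proposed: list = field(default_factory=list)
    executed: list = field(default_factory=list)


def observe(alert: Alert) -> dict:
    """Answer slide 3's source/target questions: who is it, reputation, asset, owner, who else?"""
    return {
        "source": THREAT_INTEL.get(alert.source_ip, {"reputation": "unknown", "geo": "?"}),
        "target": ASSETS.get(alert.target_host, {"owner": "unknown", "criticality": 2}),
        "user": USERS.get(alert.target_user, {"privileged": False, "status": "unknown"}),
        "prior_alerts": HISTORY.get(alert.source_ip, 0),
    }


def orient(alert: Alert, ctx: dict) -> int:
    """Gauge the impact as an additive score; the weights are assumptions for this example."""
    score = {"malicious": 5, "unknown": 2, "clean": 0}[ctx["source"]["reputation"]]
    score += ctx["target"]["criticality"]            # 1 (low) .. 3 (crown jewel)
    score += 3 if ctx["user"]["privileged"] else 0   # privileged target account
    score += min(ctx["prior_alerts"], 3)             # repeat offender, capped
    score += 2 if alert.failed_attempts >= 10 else 0
    return score


def decide(score: int, ctx: dict) -> tuple:
    """Map impact to a verdict plus the containment actions listed under 'Action' on slide 7."""
    if ctx["source"]["reputation"] == "clean" and score < 4:
        return "false_positive", []
    if score >= 8:
        return "malicious", ["block_ip", "disable_account", "reset_password"]
    return "needs_review", ["block_ip"]


def act(actions: list, alert: Alert, approve: Callable[[str], bool]) -> list:
    """Execute only what a human approves; the 'connector' just records the intended call."""
    executed = []
    for action in actions:
        if approve(action):
            target = alert.source_ip if action == "block_ip" else alert.target_user
            executed.append(f"{action}:{target}")
    return executed


def run_playbook(alert: Alert, approve: Callable[[str], bool] = lambda _a: False) -> Outcome:
    """Full loop. The default approver rejects everything, so nothing runs without an analyst."""
    ctx = observe(alert)
    impact = orient(alert, ctx)
    verdict, proposed = decide(impact, ctx)
    return Outcome(verdict, impact, ctx, proposed, act(proposed, alert, approve))


if __name__ == "__main__":
    suspicious = Alert("Multiple failed logins", "203.0.113.45", "jdoe", "fin-app-01", 12)
    print(run_playbook(suspicious, approve=lambda a: a == "block_ip"))
```

The point to take from the structure is that enrichment and scoring are fully automatic while every state-changing action passes through the `approve` callback, so a queue of 100+ alerts can be triaged and closed as false positives without an analyst touching each one, while blocks and account actions still wait for a decision.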
8
How to Obtain a Security Operations ROI with SOAR

Threat Window / Cost Savings

                 Time to Complete   Weekly      Time Spent    Time Savings   Time Savings   Cost Savings
                 Per Incident       Incidents   Annually      (Hours)        (%)            ($150/h)
Manual           45 minutes         50          390 hours     0 hours        0%             $0.00
Semi-Automated   22 minutes         75          190 hours     200 hours      75%            $180,000
Automated        1.4 minutes        100         12 hours      378 hours      98%            $472,800

MANAGE ALERTS | FASTER RESPONSE | INCREASE MORALE
9
Explore CyOPs™ Community Edition
Solutions: SOC Automation, Vulnerability Management and BYOS
Manage: Alerts, Incidents, Indicators, Tasks across Tenants
Measure: MTTD, MTTR, ROI, Reports, Dashboards
Respond: Automate, Visual Playbook Designer, Out of Box Connectors
Reach us at Sales@CyberSponse.com

SOAR-A Love Story - Ethan Packard.pptx


Editor's Notes

  1. Audience questions: 1. How many Alerts