According to a 2019 study conducted by the Ponemon Institute, with results sponsored, analyzed and reported by IBM, “the average time to identify a breach in 2019 was 206 days and the average time to contain a breach was 73 days, for a total of 279 days.”
As threats grow exponentially, the ability to respond to them must grow even faster to protect the organization from cyber security attacks. Being proactive is the preferred approach, but for complete protection an organization’s reactive capabilities must also be robust and efficient. A well-planned incident response plan is required for adequate reactive protection against the new breed of unexpected, unseen, sophisticated and advanced persistent threats.
One of the primary reasons for recent breaches is that we do not have enough manpower, i.e. security experts, to investigate the growing number of security threats, and this leads to breaches.
Source: VMware Carbon Black
That said, being consistent and resilient in the face of security breaches is the key to overcoming the latest security threats. To do this, security experts need to focus on critical work rather than on the repetitive and trivial tasks that can be automated. Automation can streamline regular, common operations and thereby save the experts’ time and effort, which in turn frees them to work on the complex, higher-value tasks that require their attention to protect the organization’s critical assets.
So the real question is: how do we automate when our existing security technologies don’t interoperate and are not vendor neutral?
Security Orchestration, Automation and Response (SOAR) tools connect to different security technologies and enable them to complement each other. Also, thanks to vendors’ adoption of REST APIs, interconnectivity is much easier with SOAR technologies.
SOAR enables organizations to perform vendor-agnostic integration: connect to multiple security devices, collect data from them, perform analysis and automate response actions. Automating repetitive tasks, or the parts of tasks that don’t require human interaction, results in faster incident response, saves the time of critical resources and improves the overall efficiency and security posture of the organization.
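As an added illustration (not code from the original article or any SOAR product), the playbook below sketches the pattern just described in Python: vendor-agnostic connectors behind a common interface, enrichment of an alert, automated containment only for clear-cut cases, and everything ambiguous routed to an analyst. The connectors, alert data and scores are constructed stand-ins for real REST-backed integrations.

```python
"""Minimal SOAR-style playbook: vendor-agnostic connectors, enrich, decide, act."""
from dataclasses import dataclass, field
from typing import Protocol


class ThreatIntel(Protocol):
    """Any threat-intel source (normally a REST API) that scores an indicator 0-100."""
    def lookup(self, indicator: str) -> int: ...


class Firewall(Protocol):
    """Any enforcement point (normally a REST API) that can block an indicator."""
    def block(self, indicator: str) -> bool: ...


@dataclass
class Alert:
    alert_id: str
    src_ip: str
    severity: str  # "low" | "medium" | "high", as assigned by the detection tool


@dataclass
class Outcome:
    alert_id: str
    action: str  # "blocked" | "escalated" | "closed"
    score: int
    notes: list[str] = field(default_factory=list)


# Constructed stand-ins for vendor integrations; real ones would call vendor REST APIs.
class FakeIntel:
    def __init__(self, scores: dict[str, int]): self.scores = scores
    def lookup(self, indicator: str) -> int: return self.scores.get(indicator, 0)


class FakeFirewall:
    def __init__(self): self.blocked: list[str] = []
    def block(self, indicator: str) -> bool:
        self.blocked.append(indicator); return True


def run_playbook(alert: Alert, intel: ThreatIntel, fw: Firewall, auto_block_threshold: int = 80) -> Outcome:
    """Enrich the alert, then automate only the part that needs no human judgement."""
    score = intel.lookup(alert.src_ip)
    out = Outcome(alert.alert_id, "closed", score, [f"ti_score={score}"])
    if score >= auto_block_threshold and alert.severity != "low":
        # Clear-cut: high-confidence indicator on a non-trivial alert, contain automatically.
        out.action = "blocked" if fw.block(alert.src_ip) else "escalated"
    elif score >= 40 or alert.severity == "high":
        # Ambiguous: hand to an analyst with the enrichment already attached.
        out.action = "escalated"
    return out
```

Low-score, low-severity alerts are closed with their enrichment recorded, so the analyst queue only contains cases that genuinely need a decision.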