SECNOLOGY : SOAR vs. SOC, What’s really happening?

SOAR vs. SOC:  What’s really happening?

There’s something huge percolating in the security operations domain, but what precisely is it? We are frequently inundated with descriptions of useful tools and functions (e.g. Security Orchestration, Automation and Response (SOAR), Threat Intelligence Platform (TIP), Security Incident Response (SIR), threat hunting, etc.).

Unfortunately, many of us are confused by the principal capabilities of these technologies and, more directly, by the problems they intend to solve. Maybe we need to re-examine this space, turn it upside down and start from a different perspective.

In today’s SOC, what problems are we attempting to solve?

To get straight to the point: inefficiency in the process leads to delays in detection and response. Many factors contribute, including teams working in silos, unintegrated applications and data, alert overload and alert fatigue, and insufficient staff. The industry’s response has been to add further tools such as IR/ticketing systems, business orchestration and automation, and TIPs. In fact, if you look at Gartner’s original definition of SOAR, it is essentially this same technology stack.

So, what has changed today?

The conversation has clearly moved to a discussion of specific issues (i.e. use cases) together with how technology can help. The use case approach is important because it keeps the discussion focused on the problem at hand, rather than trying to apply a ‘magic bullet’ technique to every situation. Here are some of the most common use cases:

Threat-hunting:

A method of actively and iteratively searching networks and systems for abnormal activity and signs of compromise or damage.

Vulnerability management:

The practice of discovering, classifying, prioritising and responding to software, hardware and network vulnerabilities on an ongoing basis.

Incident Response:

A structured method of organizing the process of managing the consequences of a cyber-attack in order to limit damage and reduce recovery time and costs.

Alert triage:

An efficient and accurate alerting and investigation process to determine the seriousness of a threat and whether the alert should be escalated to an incident.

Threat Intelligence Management:

The practice of collecting, analysing, enriching and de-duplicating internal and external threat data to understand the threats to the environment.

The development of SOAR bears out what SECNOLOGY has believed from the outset – the need for a “complete” security operations solution, built to support the many activities of security operations (e.g. prioritization of activities, formal incident classification, automatic response, launching investigations, supporting collaboration, etc.). Put simply, it is a platform conceived for many users and many use cases.

While SOAR once meant only orchestration to many people, TIP only threat intelligence programs and SIR only incident response, it is clear that the definition and use of these technologies are evolving rapidly. SECNOLOGY offers a holistic security operations platform to improve the effectiveness and efficiency of the SOC.

SECNOLOGY enables companies, integrators and VARs to build a low-cost SOC. Its unique technology offers a multitude of features and tools for easy installation, set-up and handling.

For more information on our news, please visit: NEWS – SECNOLOGY : The BIG DATA MINING COMPANY