SANS Cyber Solutions Fest: Level SOC/SOAR
- Thu Oct 21, 2021
- 08:30 am ET
- Online | Virtual
About SANS Cyber Solutions Fest: Level SOC/SOAR
Security Orchestration, Automation and Response (SOAR) tooling is intended to increase efficiency and consistency. These tools also promise to diminish the cost of operating a Security Operations Center (SOC) for most organizations. If used properly, these tools can do all of these things. The challenge is that the tools are frequently bought to avoid the one thing that most organizations don’t seem to be able to do on their own: figuring out the sequence of actions that need to be automated and bringing together the mass of data from disparate tools.
Modern SOCs are comprised of four components: monitoring and detection, incident response and threat hunting, threat intelligence, and detection engineering. With this construct, teams aim to constantly stay one step ahead of attackers. In recent years, this has become increasingly difficult due to a shortage of cybersecurity skills, too many alerts, and operational overhead.
Another problem is the lack of consistency among the data for use in SIEM/SOAR. SOC teams that do not process or enrich their data before putting it into their security tools are often disappointed to find they experience additional integration costs and challenges when they had expected clear sailing with their new SIEM/SOAR. At best, the task of data processing gets off-loaded onto threat hunting teams, creating unexpected costs and strain because the data lacks context and relevant details.
Investing in a SOAR platform is a strategic and oftentimes financially beneficial decision. SOAR systems can help define, prioritize, and standardize responses to cyber incidents. This process occurs when an organization's security team uses the platform to gain insight into an attacker's tactics, techniques, and procedures (TTPs) and known indicators of compromise (IOCs).
For more details on the e-conference or to schedule a time to speak with Netenrich, please contact [email protected]
Netenrich delivers complete Resolution Intelligence to transform digital operations into smarter business outcomes. With fifteen years’ innovation across IT, NetOps and SecOps, Netenrich applies a dynamic mix of machine and expert intelligence across a wide range of products and SaaS-based offerings. The solutions integrate with more than 140 market-leading IT and security applications to drive digital transformation, mitigate brand exposure, increase efficiencies, and bridge skills gaps. More than 6,000 customers and organizations worldwide rely on Netenrich to gain increased visibility and actionable intelligence across their IT and cloud networks. The company is privately owned and based in San Jose, CA.
About The Speaker