GARTNER'S SOAR: AN ENGINEER'S PERSPECTIVE


Organizations that ramp up their spending on cyber security tools inevitably face the question: “Am I really getting what I need out of this? If not, is it because I am not using things properly; because I need to invest more into information security; or because the threat landscape has changed under my feet?”

Of course, the answer is usually a combination of all three, but there is also a larger element at play. The world of cyber security is currently experiencing a sea change in which technologies organizations are using and how they are using them.

Where once you had discrete, independent tools, each with its own purpose, you now see all-inclusive solutions that unite these tools under one roof. What’s more, a growing number of managed security services providers (MSSPs) are offering to take the whole matter off your hands and handle it themselves as part of their core competency.


In response to these changes, IT research firm Gartner has introduced the concept of a “SOAR” (security operations, analytics and reporting) technology stack – a comprehensive cyber security platform that uses logical and analytical capabilities to support operational information security programs. So, how should you use the idea of SOAR to interpret your own cyber infrastructure?

The Direction of Cyber Security Solutions

Gartner’s SOAR is a natural extension of where information security management is going as an industry; but similar to the discrete point-products that came before it, SOAR is merely a means to an end – effective continuous management of information security risks. Initially, cyber security solutions focused on identifying potential threats. As technology has advanced, these tools have progressed to assessing threats’ severity, to responding to threats and finally to mitigating them.

To accomplish these goals, you need something in the middle of your cyber security operations — something that can bring together your separate systems and data, and find the bigger picture amid all the noise. SOAR technologies give companies this singular perspective by siphoning real data from a variety of sources: SIEMs (security information and event management software), GRC software (governance, risk management and compliance), service desks, forensic tools and so on.

The good news is that all of your Information Security spending was not for naught. As more security operations data becomes visible and available, applying business intelligence techniques to cyber security is now more popular than ever. The true value of your cyber infrastructure comes from assembling the disparate pieces of your organization’s network and systems and gleaning valuable insights and analyses from them.


Final Thoughts on Gartner’s SOAR

There are two things that companies need to consider when they evaluate their SOAR technologies. First, compare the number of tools that you have deployed with their net performance. If you are getting less out of your solutions than you put into them, then you are not being maximally efficient. Having two tools that do almost the same thing does not really make you safer — it should make you question why you need two tools that cover the same territory.

Second, modern security solutions give you a high degree of visibility into your cyber infrastructure. With that visibility, however, comes a heap of work that will always far exceed the amount of resources that you can throw at it. What is more, your organization’s cyber adversaries will always be able to outgun you. It is their core competency to attack you but not your organization’s core competency to defend.

As a result, you need to think smart and have specific priorities for your security operations activities, judiciously deploying the resources available to you. By doing so, you will be able to outflank and beat your would-be attackers, even at a numerical disadvantage.

About FourV Systems
FourV is dedicated to improving the operational performance of IT security programs by empowering leadership to make decisions instead of spending time analyzing data.