There’s only so much a human security team can do in a day, but many analysts are forced to waste time on inefficient manual processes.
In fact, 56% of large companies handle at least 1,000 security alerts per day. If each of these alerts takes 10 minutes to address, that’s over 166 hours wasted per day, or 830 per week. Automation is now essential for eliminating these manual tasks so that security professionals can focus on higher-value work.
That’s why SIEM provider Elastic today announced the launch of Elastic Security 8.4, which introduces native security orchestration, automation and response (SOAR) capabilities. It also has partner integrations designed to improve the speed of security operations centers (SOCs) and better support human analysts.
The new solution is powered by Elastic Agent and will offer native remediation and response capabilities to all users, as well as configurable alerts and integration with other SOAR vendors, enabling organizations to implement SOAR without having to purchase additional solutions.
SOAR and open security
Elastic’s announcement comes as security automation becomes more important to survive in an increasingly complex threat landscape.
According to IBM, organizations with fully deployed security artificial intelligence (AI) and automation spent $3.05 million less per data breach compared to those without. SOAR offers a comprehensive framework for security automation.
According to Gartner, SOAR platforms are “solutions that combine incident response, orchestration and automation, and threat intelligence platform management capabilities into a single solution.” The end result is the ability to reduce the mean time-to-detection and mean time-to-response to security incidents.
By implementing SOAR capabilities in its existing solution, Elastic hopes to advance its journey toward open security, now offering new integrations with D3 and Torq alongside its existing ones with ServiceNow, Swimlane and Tines.
“We are committed to open security, which started with us opening up our security artifacts,” said Mike Nichols, vice president of product management, security at Elastic.
“By sharing the behavioral patterns we look for to identify threats and our mechanisms for stopping an attack, other companies can use the work we’ve done to strengthen their own defenses,” Nichols said.
A snapshot of the SOAR market
These new capabilities place Elastic Security within the SOAR market, which researchers expect to grow at a compound annual growth rate of 14.6% to reach a value of $2.03 billion by 2025.
One of the main providers in the market is Swimlane, which provides a low-code SOAR platform designed for security professionals with no coding experience, and uses webhooks and remote agents to retrieve data from across an organization’s entire environment.
Earlier this year, Swimlane secured $70 million in growth funding.
Another competitor is Siemplify, which Google acquired earlier this year for $500 million. It offers organizations a cloud-native SOAR platform with a drag-and-drop user interface that analysts can use to automate administrative tasks. It also provides machine learning-based recommendations to increase SOC visibility.
The main difference between Elastic Security and other providers on the market is its focus on open security, which seeks to normalize data sharing so that businesses have access to the information they need to secure their environments against modern threat actors.