Elastic Security today updated its security orchestration, automation and response (SOAR) platform to provide integrations with similar platforms as part of an effort to streamline analytics.
Version 8.4 of the Elastic SOAR platform now provides bi-directional integrations with ServiceNow, Swimlane, Tines, D3 and Torq. It also provides access to a terminal-like interface that allows cybersecurity practitioners to view and implement response actions more quickly, along with an audit interface that provides a full record of incident response activity.
Finally, cybersecurity analysts can now isolate hosts by disabling network connectivity for potentially infected systems to prevent lateral movement of malware. In addition, cybersecurity teams can now restore a Windows host to its last known good state without requiring any manual intervention.
Mike Nichols, vice president of product management for Elastic Security, said the company is pursuing an application programming interface (API)-centric approach to cybersecurity integration to make it simpler for cybersecurity analysts to access data wherever it was originally created.
The Elastic platform itself is based on an Elastic Agent that makes security capabilities more accessible to small-to-medium enterprises (SMEs) that typically do not have the necessary expertise to deploy and maintain more complex platforms. An IT or cybersecurity team can deploy that agent with one click to integrate any endpoint with the Elastic SOAR platform, Nichols said.
The goal is to bring enterprise-class security capabilities to SMEs that may employ only a few cybersecurity professionals or rely on IT operations teams to manage cybersecurity, he added. The challenge they face is finding a cybersecurity platform capable of processing massive amounts of data to provide actionable intelligence that’s easy to manage, Nichols said.
Interest in cybersecurity automation has increased along with a growing shortage of cybersecurity expertise. Organizations unable to fill cybersecurity positions are looking for ways to automate cybersecurity processes that allow a smaller team to handle a wider range of tasks.
One of the biggest challenges when it comes to automation is, of course, interoperability. Every cybersecurity platform in use today collects data in a unique format. Cybersecurity teams have to rely on different types of connectors and APIs to access data and then find a way to normalize it before analytics can be applied seamlessly. Elastic Security essentially makes the case for being the SOAR vehicle that accomplishes that goal.
It remains to be seen whether cybersecurity analytics can stand alone. However, one thing is certain: in the absence of a unified view, each new platform added to an IT environment only exacerbates the challenge. It is unlikely that there will be one cybersecurity platform that will manage them all, so the interoperability challenge that organizations currently face as they use a mix of best-of-breed cybersecurity tools is a major issue.
One way or another, that interoperability issue will eventually be addressed by reducing the number of cybersecurity platforms used and simplifying integration. The issue is how long it will take to reach that goal as cyberattacks increase in volume and sophistication.