Why Converged SOAR and SIEM Can Up-Level Security Posture

Democratizing Cybersecurity: Why Converged SOAR and SIEM Can Up-Level Security Posture

As part of Solutions Review’s Premium Content Series — a collection of contributed columns written by industry experts in mature software categories — Charles Kenney, Logpoint’s Regional Director, shares some expert insights on using SOAR and SIEM solutions to democratize your cybersecurity strategy.

What do American football and cybersecurity have in common? In both disciplines, it is a good idea to work from a playbook when the opposing team attacks. A playbook is a structured, repeatable way of handling the observations that come in while responding to an attack. Take a phishing attack in which an employee opens a malware-laden attachment: for most companies, investigating such an event is a real challenge, because a series of questions has to be asked, in a particular order, for the event to be handled efficiently.

By adding SOAR technology to the company’s SIEM platform, organizations of all sizes can manage cyber events better and automate much of the investigation and remediation work.

Investigation and Handling

Security Information and Event Management (SIEM) is a cybersecurity solution that collects and analyzes log data — the company’s digital DNA — in near real time. These tools detect anomalous patterns in that data and raise an alert on user or system behavior, intentional or not, that could harm the company.

SOAR stands for Security Orchestration, Automation and Response. While the SIEM is the system that collects the data and lets the company detect an attack, such as a phishing email, SOAR provides the structure for how the company then investigates and handles the incident.

The combination of SIEM and SOAR simplifies the management of the various security technologies involved: for example, quickly disabling a user account while an incident is being investigated. An integrated solution can automatically determine how many people received the phishing email in question and remove it from those inboxes. The aim is not only to investigate a cyber event but to prevent it from happening again.
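As an added illustration, and not code from the original column or from Logpoint’s product, here is the phishing playbook described above written as a small Python program that runs over constructed SIEM events. The event fields, the orchestrated tool names (mailgw, edr, proxy, idp, mailbox), the accounts, hosts and indicators are all assumptions made for the example. It scopes the incident (who received the message), correlates endpoint and proxy telemetry against the message’s indicators (who actually ran the attachment or clicked the link), and then plans the response in priority order: block first, contain the affected hosts and accounts, and only then purge the message from every recipient’s mailbox.

```python
from dataclasses import dataclass, field

# Constructed, normalised SIEM events from a mail gateway (mailgw), an endpoint
# agent (edr) and a web proxy (proxy). Every value below is invented.
MSG_ID = "<inv-4417@mail.attacker.example>"
ATTACH = "c0ffee11" * 8                      # fake SHA-256 of the attachment
LURE = "https://attacker.example/login"
SAMPLE_EVENTS = [
    {"source": "mailgw", "msg_id": MSG_ID, "sender": "billing@attacker.example",
     "recipient": "alice@corp.example", "url": LURE, "attachment_sha256": ATTACH},
    {"source": "mailgw", "msg_id": MSG_ID, "sender": "billing@attacker.example",
     "recipient": "bob@corp.example", "url": LURE, "attachment_sha256": ATTACH},
    {"source": "mailgw", "msg_id": MSG_ID, "sender": "billing@attacker.example",
     "recipient": "carol@corp.example", "url": LURE, "attachment_sha256": ATTACH},
    # alice executed the attachment, bob visited the lure URL, carol did nothing
    {"source": "edr", "user": "alice@corp.example", "host": "WS-ALICE",
     "file_sha256": ATTACH, "event": "process_start"},
    {"source": "proxy", "user": "bob@corp.example", "host": "WS-BOB",
     "url": LURE, "status": 200},
    # unrelated traffic from a non-recipient that the playbook must ignore
    {"source": "proxy", "user": "dave@corp.example", "host": "WS-DAVE",
     "url": "https://example.org/", "status": 200},
]


@dataclass(frozen=True, order=True)
class Action:
    priority: int   # lower runs first: block and contain before clean-up
    system: str     # the tool the SOAR layer orchestrates (assumed names)
    verb: str
    target: str


@dataclass
class Incident:
    msg_id: str
    recipients: set = field(default_factory=set)
    opened_attachment: set = field(default_factory=set)
    clicked_link: set = field(default_factory=set)
    hosts: dict = field(default_factory=dict)   # user -> host that interacted
    actions: list = field(default_factory=list)


def scope_incident(events, msg_id):
    """Steps 1-2: who received the message, and who interacted with its IOCs."""
    mail = [e for e in events if e["source"] == "mailgw" and e["msg_id"] == msg_id]
    if not mail:
        raise ValueError(f"no delivery records for {msg_id}")
    inc = Incident(msg_id=msg_id)
    inc.recipients = {e["recipient"] for e in mail}
    hashes = {e.get("attachment_sha256") for e in mail} - {None}
    urls = {e.get("url") for e in mail} - {None}
    # Correlate only against real recipients so unrelated traffic stays out.
    for e in events:
        if e.get("user") not in inc.recipients:
            continue
        if e["source"] == "edr" and e.get("file_sha256") in hashes:
            inc.opened_attachment.add(e["user"])
            inc.hosts[e["user"]] = e["host"]
        elif e["source"] == "proxy" and e.get("url") in urls:
            inc.clicked_link.add(e["user"])
            inc.hosts[e["user"]] = e["host"]
    return inc, mail[0]["sender"], urls


def plan_actions(inc, sender, urls):
    """Step 3: decide the response, most urgent first, one action per target."""
    acts = {Action(0, "mailgw", "block_sender", sender)}
    acts |= {Action(0, "proxy", "block_url", u) for u in urls}
    for user in inc.opened_attachment:                      # code ran: contain
        acts.add(Action(1, "edr", "isolate_host", inc.hosts[user]))
    for user in inc.opened_attachment | inc.clicked_link:   # credential risk
        acts.add(Action(2, "idp", "disable_account", user))
        acts.add(Action(2, "idp", "revoke_sessions", user))
    for user in inc.recipients:                             # clean-up for all
        acts.add(Action(3, "mailbox", "purge_message", user))
    inc.actions = sorted(acts)
    return inc


def run_playbook(events, msg_id, execute=None):
    """`execute` is the callback that talks to the real tools; by default the
    actions are only recorded (dry run), which is how a new playbook is tuned."""
    inc = plan_actions(*scope_incident(events, msg_id))
    for action in inc.actions:
        if execute is not None:
            execute(action)
    return inc


def summary(inc):
    """The numbers a CISO actually wants from the run."""
    return {"received": len(inc.recipients),
            "opened_attachment": len(inc.opened_attachment),
            "clicked_link": len(inc.clicked_link),
            "actions": len(inc.actions)}


if __name__ == "__main__":
    incident = run_playbook(SAMPLE_EVENTS, MSG_ID, execute=print)
    print(summary(incident))
```

The ordering is the point: the sender and URL are blocked before anything else so the message cannot keep arriving or keep being clicked during the investigation, hosts that executed the attachment are isolated before accounts are touched, and the purge runs last because it is clean-up rather than containment. The dry-run default lets a team watch what the playbook would do before giving it the credentials to do it.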

The Tangible Business Benefits

By streamlining and automating security measures, SIEM and SOAR technologies address the key challenges facing companies today as the threat landscape continues to evolve amid a shortage of cybersecurity skills.

SIEM combined with SOAR also makes security measures visible and measurable, turning security into a strategic area that creates value in its own right and a point of competition among companies. Further, SOAR technology captures threat-management data that can be used to evaluate efficiency and to offer customers useful industry benchmarks.

Traditionally, companies have approached IT security as fire-fighting: when an incident occurs, the security team has to drop everything else and run. Today, automation makes it possible to work strategically with cybersecurity, which has many implications. The question becomes: is it enough that a company’s phishing playbook has succeeded in only 80 percent of events? What would it take to do better?

Suddenly, with SIEM and SOAR technology, a CISO can discuss IT security at the level of the executive team and the board of directors, who can quickly become unsure whether the company is secure enough. Many organizations measure themselves against more mature companies that have nonetheless suffered very public cyber-attacks.

Previously, the CISO’s report to the executive board was probably that 28 phishing emails a day were blocked, or that the company had now implemented the best firewall available. But these are activity counts rather than outcomes, and they mean little to the business. CISOs must now refocus on the language and concerns of board members: it is not about shiny, expensive tools but about the solutions that deliver the most value and security overall.

Bridging the Gap with Data-Based Insights

SIEM and SOAR can help bridge the gap that often opens up between cybersecurity and enterprise risk management. Visible, actionable data lets an organization choose the right technology and implement the right processes.

When a company can benchmark itself against other, traditionally more successful companies, a dialogue begins between the CISO and the risk owners. Is the security budget too small? Do we need more staff? Companies can measure improvements and use that data as evidence for new strategic decisions. This is where new knowledge emerges, because CISOs no longer measure only log volumes; they measure how well the organization handles the incidents it is exposed to.

Addressing the Achilles Heel of Business-Critical Applications

Business-critical applications (BCAs) are an Achilles heel for many organizations, which can come as a surprise. The broader IT security discipline is relatively mature, and teams are generally willing to automate and apply playbooks there, but the BCAs themselves have not yet reached the same level of maturity. Companies are digitizing on a large scale, with business-critical systems at the center of attention, and attackers are well aware of this, which is why many recent high-profile attacks have targeted them. Understanding an organization’s Achilles heel helps a business protect itself better in the long run.

Unfortunately, few companies are set up to detect anomalous user behavior in BCAs such as SAP, ServiceNow, or Salesforce. BCAs are a blind spot, and many CFOs and managers are not sure where ownership of business-critical applications lies. Introducing an integrated SIEM and SOAR solution can help reduce that confusion and secure the weak spot that attackers tend to go for.

Optimize in Parallel

Cyber-criminals are becoming more professional within the hacker ecosystem, making ransomware and phishing attacks both more frequent and more precisely targeted. The structure of the cyber-crime economy is starting to resemble the network of ordinary tech companies. Organizations must therefore keep pace with this optimization, securing data in every corner of the business and tracking threats as efficiently as possible.

Using SIEM and SOAR technology, automated threat detection and response helps short-staffed security teams prioritize their work and allows CISOs to share actionable data about the company’s cybersecurity posture with board members. These technologies can help organizations prioritize cybersecurity without breaking the bank.


Charles Kenney