THREAT INTELLIGENCE AND SOAR FOR SOC MANAGERS

THE DANGERS OF MISSED ALERTS

Today’s SOCs tend to deal with very high volumes of alerts. Given a finite number of analysts and a finite amount of time to investigate all these alerts, it’s easy for an important alert to go unnoticed for some time. If and when someone finally notices the alert, it may be too late, and your network may have already been compromised. Additionally, in high-volume SOCs, analysts may spend a non-negligible amount of time investigating false positives. The need to manually investigate these alerts distracts them from genuinely important alerts and other SOC tasks that demand their attention.

MEASURE RESPONSE TIMES IN SECONDS, NOT HOURS

SOAR isn’t limited to automating investigations — automated security response features let your team take action against threats without even lifting a finger. Analysts can write response playbooks, which work just like the investigative playbooks mentioned above. When a suspicious event triggers a rule in one of these playbooks, the SOAR platform will automatically perform the actions indicated in the playbook. This approach can render many common threats harmless in seconds, lowering your SOC’s mean time to respond (MTTR) to levels you might have previously considered impossible.

WORK SMARTER, NOT HARDER

The benefits of implementing SOAR extend far beyond investigation and response activities. You can also use a SOAR platform to leverage external threat intelligence in other ways, such as when updating firewall rules or conducting incident investigations. This not only saves time that might otherwise be spent retrieving and inputting this information manually, but also ensures that everyone on your SOC team has the information they need to make informed decisions.
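To make the two preceding ideas concrete, the response playbooks described under "Measure response times in seconds, not hours" and the threat-intelligence-driven firewall updates described in this section, here is a toy playbook engine. It is an added illustration written for this page, not code from the original post or from DNIF's platform; the indicator feed, the allowlist, the alert records and the `firewall.block_ip` / `edr.isolate_host` action names are all constructed placeholders. It shows the parts a SOC manager should expect any real implementation to have: enrichment before action, a guard so private and allowlisted addresses are never blocked, de-duplication so one indicator is not blocked once per alert, a dry-run mode, and escalation to an analyst when intel is present but no rule is confident enough to act.

```python
"""Toy SOAR response playbook: enrich an alert with threat intelligence, then
apply ordered rules that emit containment actions.

Added illustration, not code from the original post or from DNIF.  The feed,
allowlist, action names and alerts below are constructed placeholders."""
from dataclasses import dataclass, field
import ipaddress

# Constructed threat-intel feed (hypothetical indicators drawn from TEST-NET ranges).
THREAT_INTEL = {
    "198.51.100.23": {"confidence": 90, "tag": "c2"},
    "203.0.113.7":   {"confidence": 40, "tag": "scanner"},
}

# Addresses the playbook must never block or isolate (constructed: DNS server, gateway).
ALLOWLIST = {"10.0.0.53", "10.0.0.1"}

PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Alert:
    alert_id: str
    rule: str          # name of the detection rule that fired
    src_ip: str
    dst_ip: str


@dataclass
class Outcome:
    alert_id: str
    enrichment: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)   # actions taken (or planned, in dry run)
    needs_analyst: bool = False


def is_private(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def enrich(alert: Alert) -> dict:
    """Attach threat-intel hits for every address on the alert that the feed knows."""
    return {ip: THREAT_INTEL[ip] for ip in (alert.src_ip, alert.dst_ip)
            if ip in THREAT_INTEL}


# --- playbook rules: each returns a list of action strings -----------------
def rule_block_high_confidence(alert: Alert, intel: dict) -> list:
    """Block external indicators the feed rates >= 80; never private or allowlisted hosts."""
    return [f"firewall.block_ip {ip}" for ip, hit in intel.items()
            if hit["confidence"] >= 80 and not is_private(ip) and ip not in ALLOWLIST]


def rule_isolate_internal_peer(alert: Alert, intel: dict) -> list:
    """If an internal host talked to a known C2 address, isolate that internal host."""
    if any(hit["tag"] == "c2" for hit in intel.values()):
        internal = [ip for ip in (alert.src_ip, alert.dst_ip)
                    if is_private(ip) and ip not in ALLOWLIST]
        return [f"edr.isolate_host {ip}" for ip in internal]
    return []


PLAYBOOK = [rule_block_high_confidence, rule_isolate_internal_peer]


def run_playbook(alert: Alert, executed: set, dry_run: bool = False) -> Outcome:
    """Enrich, evaluate rules in order, and skip actions already taken.

    `executed` is shared across alerts so the same indicator is blocked once,
    not once per alert.  Alerts that carry intel but trigger no automated action
    are flagged for an analyst instead of being silently closed."""
    out = Outcome(alert.alert_id, enrichment=enrich(alert))
    for rule in PLAYBOOK:
        for action in rule(alert, out.enrichment):
            if action in executed:
                continue                 # idempotent: already done for an earlier alert
            out.actions.append(action)
            if not dry_run:
                executed.add(action)     # a real run would call the firewall/EDR API here
    out.needs_analyst = bool(out.enrichment) and not out.actions
    return out


if __name__ == "__main__":
    done = set()
    alerts = [Alert("a1", "beacon", "10.1.2.3", "198.51.100.23"),
              Alert("a2", "beacon", "10.1.2.9", "198.51.100.23"),
              Alert("a3", "portscan", "203.0.113.7", "10.0.0.1")]
    for a in alerts:
        o = run_playbook(a, done)
        print(o.alert_id, o.actions, "analyst" if o.needs_analyst else "auto")
```

Running it, the first beacon alert blocks the C2 address and isolates the internal host; the second beacon to the same C2 address only isolates its own internal host, because the block was already recorded; the low-confidence scanner hit produces no automated action and is routed to an analyst. Passing `dry_run=True` returns the planned actions without recording them, which is how a team can validate a new playbook against historical alerts before letting it act.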

DNIF

The “Open” Big Data Analytics platform that offers solutions to the world’s most challenging cyber security problems with real-time data analytics.