In our first Summer Security Fundamentals panel discussion, we had the chance to chat with some folks who live and breathe cybersecurity. Not wanting to miss this golden opportunity, we cut right to the tough questions. The result? Almost an hour’s worth of insightful tips for making your life as a cybersecurity professional less difficult. The common theme? Taking every advantage security orchestration and automation (SOAR) has to offer.
Overcoming limited resources with SOAR tools
When asked what their greatest security challenges were, our panelists quickly zeroed in on a select few. Chief among them were insufficient resources. This is unfortunately a common reality for cybersecurity teams—and isn’t likely to disappear in the near future. However, there is a clever way to combat its effect.
While the obvious answer would be to focus on ways to increase their available security resources, our panelists argued it’s actually the opposite. The focus should instead be on ways to decrease the amount of resources necessary.
When we talk about limited resources, we really mean a general lack of three things:
- Time
- Workload (FTEs)
- Budget
All three are somewhat dependent on each other and surprisingly scarce when you need them most. SOAR tools, like InsightConnect, can be a great way to decrease your team's exposure to all three of these bottlenecks.
When it comes to time, SOAR gives you automated ways to tackle trivial tasks—think less time jumping between tools and staring at dashboards. As you begin to offload repetitive tier 1 chores to a SOAR stack, you naturally have less need for FTE hours worked. Along the same lines, fewer FTEs and resources spent on tier 1 work in general translates to a happier budget (and happier analysts).
Bridging the gap
As a relatively new field, cybersecurity requires some relatively new skills that must be learned. The problem is that these high-demand skills are in short supply.
Compounding this skills shortage is the aforementioned lack of resources with which to bridge the gap. One way to think about this is to shift your focus, and SOAR is great at facilitating just that. What if the underlying problem isn't a shortage of skills, but rather an over-emphasis on skills that maybe aren't as in demand?
You might notice a theme: all are dynamic disciplines undergoing constant innovation. That said, your current daily activities are likely more focused around “keeping the lights on.” Instead, look for ways to leverage SOAR processes to help shift your focus from mundane, redundant tasks to sharpening your skills in more innovative, forward-thinking matters. Need some inspiration? Learn more about some of the most popular security use cases for a SOAR solution to handle.
De-couple the dashboard
Don’t get me wrong, dashboards are great. They provide a centralized view of just about any security information you could want. However, problems arise when you aren’t so sure what you should do with all that data, leaving you with a deluge of information that keeps you glued to the dashboard and sifting through alerts like a mail carrier on Christmas Eve.
It's this alert fatigue that poses a substantial risk to the safety of your environment. As the information in a given dashboard creeps past the functional threshold at which we mere humans can intelligently respond, mistakes are made and alerts are neglected or missed altogether. This error-prone linchpin of modern cybersecurity represents an abundant opportunity for an automated security stack leveraging SOAR.
Instead of relying on a set of tired eyes, SOAR tools can automate the steps involved in sorting, prioritizing, and responding to events. The result is an environment where potential vulnerabilities are remediated in a consistently efficient manner. This in turn leads to a stronger security posture and less need for Visine and afternoon cat-naps.
With that, our first Summer Security Fundamentals recap comes to an end. Hopefully you now have a greater appreciation for the resource-liberating, gap-bridging, and eye-saving possibilities SOAR tools provide. Also, be sure to check out the remainder of this summer’s syllabus and sign up to learn more about topics such as vulnerability management, application security, threat detection and response, and cloud security.