SOAR Allows Cybersecurity Talent to Focus on Highest Value Tasks

Security Orchestration, Automation and Response (SOAR) frees analysts from rote but necessary work, allowing them to focus on complex analysis.

The cybersecurity industry needs relief — and it may be here, thanks to SOAR technology.

In 2018, the cybersecurity workforce gap reached 2.9 million globally, according to a 2018 study, with a shortage of over a quarter of a million skilled personnel in EMEA alone. At the same time, cyber threats continue to grow in sophistication and cost, leading to million in losses annually.

Because of the shortage, the current cybersecurity workforce faces high-stress, fast-paced, non-stop demands and extreme workloads. Repetitive and routine tasks— such as monitoring alerts, creating tickets and tracking incidents — consume too much of their time, time that would be far better spent on more involved and sophisticated tasks associated with defending networks and systems.

Now however, much of that rote, repetitive work can now be automated, thanks to Security Orchestration, Automation and Response, or SOAR, technology. The capabilities and uses for SOAR are nearly limitless.

A SOAR platform uses APIs or monitors log activity to identify potentially malicious activity. Upon activity that meets the criteria — say a phishing email with a malware attachment— the SOAR platform sends the email attachment to a malware analysis platform, notifies the team, ingest the results of the malware analysis, and then lets the team know if indicators are found on the network. All of this is done using playbooks built around an organization’s unique operational and business needs.

SOAR technologies can be integrated with existing security tools, configured with playbooks and enabled to act on events and activities, meaning normal workflows like intel gathering, activity correlation and identifying false positive alerts can be automated. This frees up analysts to focus on more complex tasks, those that require critical thinking and interpretation, and reduces the workforce shortage burden.

Surprisingly, SOAR technologies haven’t yet received the attention they deserve. At cybersecurity conferences, the focus continues to be on tools — tools that generate more logs, more notifications, more alerts. Security teams need tools, of course. But what they really need is to automate repetitive and remedial tasks, to focus on pertinent investigations and reduce alert fatigue.

Resistance to these new technologies appears to come from a variety of sources, including security professionals worried that the businesses they support could see this as a way to downsize its security team.

This is an understandable concern, but automation in every other sector has actually increased work roles and pay for advanced positions. The human element of cybersecurity must be protected; we will always need people to think critically and respond in ways machines can’t. SOAR should be thought of as force multiplier, not a force reduction technology.

Rackspace is incorporating SOAR to enhance our security operations and capabilities. Utilizing SOAR allows our security professionals to do what they do best: think critically and hunt threats while automation handles the everyday minutiae that can slow operations.

If you’d like to learn more about how Rackspace is using SOAR technologies, or how your business can leverage a Managed Security Service Provider like Rackspace to provide 24×7 cybersecurity expertise to support your business operations, reach out to our security experts.

LEAVE A REPLY

Please enter your comment!
Please enter your name here