Understanding SOAR In Network Security

SOAR stands for Security Orchestration, Automation, and Response. The term describes three software capabilities brought together in one platform: threat and vulnerability management, security incident response, and security operations automation. SOAR lets an organisation collect threat-related data from a range of sources and automate the response to low-level threats, so that analysts can concentrate on the ones that need human judgement.

What is SOAR

SOAR connects your security tools together into defined workflows that can be run automatically. It increases the efficiency of your team by automating repetitive processes.

Automation matters because security teams are overwhelmed. As new tools are developed to address new security challenges, network security analysts have to switch between the consoles of all those tools to analyse what each one reports.

One of the most common day-to-day tasks is responding to alerts. More security tools mean more alerts, and more alerts mean less time to spend on each one, which increases the likelihood of mistakes. This condition, where the volume of alerts degrades an analyst's performance, is referred to as alert fatigue.

Alert Fatigue

Note that even if you wanted to hire more security analysts, they are in short supply. By putting all the alerts in one place, SOAR reduces the number of separate alerts analysts have to deal with (duplicate and related alerts can be grouped into a single case) and lets them perform their analysis from a single interface rather than from the console of each device. The steps they take can then be captured, manually or automatically, as a playbook.

A playbook is a flowchart of steps that can be repeated on demand. Using a playbook ensures that standard operating procedures are followed consistently and reduces errors. You can also monitor the activities that were performed: what was done, when it was performed, and which person or automated step carried it out. This combination is what orchestration and automation mean in network security.


Investigation

Investigation is another crucial capability of SOAR. When suspicious activity is discovered, analysts perform their investigative tasks from the platform: they can check threat sources to find out where the activity is coming from and whether it has been seen before.

They can query threat-intelligence feeds for more detail on the threat, and check the security information and event management (SIEM) system for related events so that they can profile the threat and decide on the best way of dealing with it.

The information gathered during the investigation determines the mitigation steps required. Because SOAR is integrated with all your security tools, you can take those mitigation steps from within SOAR and have them applied across your entire network security infrastructure.

From within SOAR you can, for example, block traffic from a malicious IP address on the firewall, or delete a phishing email from the mail server for every user who received it. Playbooks let you automate such repetitive tasks from within SOAR.
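As an added illustration (not code from the original article or from any SOAR product), the following Python sketch shows the playbook ideas from the two sections above in working form: a playbook as an ordered list of steps that can be run on demand, an audit trail recording who performed each step and when, and actions such as blocking an IP on the firewall and deleting a phishing email from the mail server driven through connectors. The Firewall and MailServer classes, the THREAT_INTEL lookup and the alert data are constructed stand-ins for the real tools a SOAR platform would integrate.

```python
"""Added example: a minimal SOAR-style playbook runner with an audit trail.
The tools below are constructed stand-ins, not real product integrations."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable, Optional


class Firewall:
    """Stand-in for a firewall connector: keeps a set of blocked addresses."""

    def __init__(self) -> None:
        self.blocked: set[str] = set()

    def block_ip(self, ip: str) -> str:
        self.blocked.add(ip)
        return f"blocked {ip}"


class MailServer:
    """Stand-in for a mail-server connector: message id -> mailboxes holding it."""

    def __init__(self, messages: dict[str, set[str]]) -> None:
        self.messages = {k: set(v) for k, v in messages.items()}

    def delete_message(self, msg_id: str) -> str:
        removed = self.messages.pop(msg_id, set())
        return f"deleted {msg_id} from {len(removed)} mailboxes"


# Constructed threat-intelligence lookup; a real playbook would query a TI feed.
THREAT_INTEL = {"203.0.113.7": "known C2 server", "198.51.100.3": "mass scanner"}


@dataclass
class Alert:
    alert_id: str
    src_ip: str
    msg_id: Optional[str] = None                  # set when the alert came from an email
    context: dict = field(default_factory=dict)   # enrichment added by playbook steps


@dataclass
class AuditEntry:
    when: str      # ISO-8601 UTC timestamp
    actor: str     # person or automation that ran the step
    step: str
    result: str


@dataclass
class Step:
    name: str
    run: Callable[[Alert], str]
    when: Callable[[Alert], bool] = lambda alert: True   # condition to execute the step


class Playbook:
    """Ordered steps executed against an alert; every step, run or skipped, is audited."""

    def __init__(self, name: str, steps: list[Step]) -> None:
        self.name = name
        self.steps = steps
        self.audit: list[AuditEntry] = []

    def execute(self, alert: Alert, actor: str) -> list[AuditEntry]:
        for step in self.steps:
            result = step.run(alert) if step.when(alert) else "skipped (condition not met)"
            self.audit.append(AuditEntry(datetime.now(timezone.utc).isoformat(),
                                         actor, step.name, result))
        return self.audit


def build_playbook(fw: Firewall, mail: MailServer) -> Playbook:
    def enrich(alert: Alert) -> str:
        alert.context["verdict"] = THREAT_INTEL.get(alert.src_ip, "unknown")
        return f"{alert.src_ip} -> {alert.context['verdict']}"

    def is_malicious(alert: Alert) -> bool:
        return alert.context.get("verdict", "unknown") != "unknown"

    return Playbook("suspicious-ip", [
        Step("enrich_ip", enrich),
        Step("block_ip", lambda a: fw.block_ip(a.src_ip), when=is_malicious),
        Step("delete_email", lambda a: mail.delete_message(a.msg_id),
             when=lambda a: is_malicious(a) and a.msg_id is not None),
    ])


def run_demo():
    """Run the playbook over two constructed alerts and return the resulting tool state."""
    fw = Firewall()
    mail = MailServer({"m-1": {"alice", "bob"}})
    playbook = build_playbook(fw, mail)
    playbook.execute(Alert("A-1", "203.0.113.7", msg_id="m-1"), actor="automation")
    playbook.execute(Alert("A-2", "192.0.2.9"), actor="automation")
    return fw, mail, playbook


if __name__ == "__main__":
    firewall, mailserver, pb = run_demo()
    for entry in pb.audit:
        print(entry.when, entry.actor, entry.step, entry.result)
```

The audit list is the point a practitioner should look at: skipped steps are recorded alongside executed ones, so a reviewer can later see not just what the playbook did but why it did not block the second address.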

Automation

Automation allows analysts to devote more time to investigating threats and taking mitigation steps. SOAR does more than centralise the incident response process; it optimises the organisation's entire security operation, which improves analyst performance and collaboration.

SOAR also allows you to route different categories of alert to the individuals or teams equipped to handle them. Those working an alert can add information to it as they go, so that anyone who picks it up later has that additional context.

More About Playbooks

A playbook, also known as a workflow, is how a team defines its response to a given kind of alert. The playbook emulates the steps an analyst would take when responding to a security incident. It handles repetitive tasks such as compiling data from several sources or sending notification emails, and it can also implement firewall blocks.

This improves a team's response speed and consistency while keeping the team in control of the entire process. Using a playbook reduces analyst workload and the chance of error. Phishing investigation is a good illustration. Without SOAR, an analyst spends a great deal of time tracing the sender of a phishing email.

Phishing Investigation

Once the analyst determines where the phishing email came from, they need to spend more time investigating the sending server.

They then need to determine who received or clicked on the email, and delete it from those mailboxes. With a phishing investigation playbook, the initial steps of the investigation are taken automatically: as emails come in, the analyst is only alerted to those that the playbook considers suspicious.

After the analyst confirms that the email really is a phishing email, the playbook continues with further actions. It can automatically delete the email from all users' inboxes and then notify the analyst of the actions taken. It can also record the indicators from the confirmed email so that similar phishing messages received in the future are handled without waiting for an analyst. The Fortinet SOAR product is called FortiSOAR and it provides all the capabilities described so far.
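The phishing investigation playbook described above, as an added example that is not part of the original article or of FortiSOAR. The triage indicators (reply-to domain differing from the sender domain, links to hosts outside the sender's domain, urgency wording), the threshold of two indicators, the sample emails and the in-memory mailbox store are all constructed assumptions; a real playbook would take them from the mail gateway and threat-intelligence feeds.

```python
"""Added example: a phishing-investigation playbook in miniature.
Indicators, threshold, sample emails and the mailbox store are constructed."""
import re
from dataclasses import dataclass


@dataclass
class Email:
    msg_id: str
    sender: str          # From header address
    reply_to: str        # Reply-To header address
    subject: str
    body: str
    recipients: list


URL_RE = re.compile(r"https?://([^/\s]+)")   # captures the host of each link
URGENCY = ("urgent", "verify your account", "password will expire", "immediately")


def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def triage(email: Email):
    """Automated initial steps: return (score, reasons) for an inbound email."""
    reasons = []
    sender_domain = domain(email.sender)
    if domain(email.reply_to) != sender_domain:
        reasons.append("reply-to domain differs from sender domain")
    for host in URL_RE.findall(email.body):
        host = host.lower()
        if host != sender_domain and not host.endswith("." + sender_domain):
            reasons.append(f"link to external host {host}")
    text = (email.subject + " " + email.body).lower()
    if any(word in text for word in URGENCY):
        reasons.append("urgency wording")
    return len(reasons), reasons


class PhishingPlaybook:
    def __init__(self, mailboxes: dict, threshold: int = 2) -> None:
        self.mailboxes = mailboxes        # user -> {msg_id: Email}
        self.threshold = threshold        # indicators needed before alerting an analyst
        self.blocked_indicators = set()   # sender domains and link hosts confirmed bad
        self.actions = []                 # record of what the playbook did

    def ingest(self, email: Email) -> str:
        """Deliver the message, then decide: auto-removed, escalate or allow."""
        for user in email.recipients:
            self.mailboxes.setdefault(user, {})[email.msg_id] = email
        if self._matches_known_bad(email):           # seen and confirmed before
            self._delete_everywhere(email)
            return "auto-removed"
        score, reasons = triage(email)
        if score >= self.threshold:                   # only now is the analyst alerted
            self.actions.append(f"escalated {email.msg_id}: {'; '.join(reasons)}")
            return "escalate"
        return "allow"

    def analyst_confirms(self, email: Email, analyst: str) -> None:
        """Follow-on steps once a human confirms the email is phishing."""
        removed = self._delete_everywhere(email)
        self.blocked_indicators.add(domain(email.sender))
        self.blocked_indicators.update(h.lower() for h in URL_RE.findall(email.body))
        self.actions.append(f"{analyst} confirmed {email.msg_id}; purged from "
                            f"{removed} mailboxes, indicators recorded")

    def _matches_known_bad(self, email: Email) -> bool:
        hosts = {h.lower() for h in URL_RE.findall(email.body)}
        return (domain(email.sender) in self.blocked_indicators
                or bool(hosts & self.blocked_indicators))

    def _delete_everywhere(self, email: Email) -> int:
        removed = 0
        for user in email.recipients:
            if self.mailboxes.get(user, {}).pop(email.msg_id, None) is not None:
                removed += 1
        self.actions.append(f"deleted {email.msg_id} from {removed} mailboxes")
        return removed


def run_demo():
    """Constructed scenario: one phish, one legitimate newsletter, one repeat phish."""
    pb = PhishingPlaybook(mailboxes={"alice": {}, "bob": {}, "carol": {}})
    phish = Email("m-100", "it-support@examp1e.com", "attacker@mail.example.net",
                  "URGENT: verify your account",
                  "Your password will expire. Log in at https://login.examp1e.com/reset now.",
                  ["alice", "bob"])
    newsletter = Email("m-101", "news@example.com", "news@example.com", "Weekly update",
                       "Read more at https://www.example.com/blog", ["alice", "carol"])
    repeat = Email("m-102", "helpdesk@examp1e.com", "helpdesk@examp1e.com", "Action required",
                   "Reset your password at https://login.examp1e.com/reset", ["carol"])
    results = {phish.msg_id: pb.ingest(phish), newsletter.msg_id: pb.ingest(newsletter)}
    pb.analyst_confirms(phish, analyst="analyst1")    # the human decision point
    results[repeat.msg_id] = pb.ingest(repeat)        # same sender domain: no analyst needed
    return pb, results
```

The design choice worth noting is that nothing is deleted automatically until an analyst has confirmed a first instance; only indicators taken from a confirmed phish drive the automatic removal of later copies. Lowering the threshold or auto-purging on triage score alone would speed things up but turns every false positive into lost mail, so keep the confirmation gate for anything the playbook has not seen before.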

About Adeniyi Salau

Adeniyi Salau is a highly dedicated and committed blogger of repute. He likes sharing his IT knowledge with others.