Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SOAR

The latest News and Information on Security Orchestration, Automation and Response.

What is SOAR?

If an individual wants to acquire information about cyber security, or cyber security tools in general, coming across SOAR is inevitable. Since the SOAR abbreviation is all over the place, the importance of it is also easy to recognize. What makes SOAR crucial for cyber security then? In order to answer this question, the full name of the tool should be addressed. SOAR stands for** Security Orchestration Automation and Response**.

Splunk SOAR Playbooks: Azure New User Census

Hafnium is the latest cyberattack that utilizes a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched). Learn how you can use Splunk Phantom to automate account monitoring to ensure that threat actors are not exploiting vulnerabilities to access sensitive information through authenticated accounts.

Taking Automation Beyond the SOC With Advanced Network Access Control

Security orchestration, automation and response (SOAR) tools are most commonly known for automating manual security operations processes in order to expedite security investigations or cyber response. For instance, Splunk’s SOAR technology, Splunk Phantom, is most commonly used to automate alert triage, phishing investigation and response, threat hunting and vulnerability management.

Splunk SOAR Playbooks: Conducting an Azure New User Census

In January and February of 2021, the threat actor called Hafnium used a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched).

Automated Clean-up of HAFNIUM Shells and Processes with Splunk Phantom

If you haven’t been living under a rock for the past few weeks, you've probably come across the recent Microsoft Exchange Server vulnerabilities and its associated exploits.Stop!!! The first thing you should do is to go and patch any Exchange servers you may be running, then you can come back and finish reading this blog. Microsoft's blog provides links to various tools to help in this regard.

Orchestrate Framework Controls to Support Security Operations with Splunk SOAR

Every security team should utilize security frameworks in their strategy and tactics to help reduce risk from common cybersecurity threats. Security frameworks guide organizations on how they should develop, build, and maintain their IT security policies and procedures while sharing best practices for meeting compliance requirements. Healthcare operations in particular are often presented with increasing regulatory scrutiny and obligations that must be met in order to be competitive.

Sumo Logic to accelerate modernization of security operations with proposed acquisition of DFLabs

At Sumo Logic, our belief is that security operations is no longer a human scale problem. We need tools and technologies to aid our defenders and responders to be able to process, investigate and respond at machine speed. Our vision for modernizing security operations to deal with threats at machine scale has always encompassed more than just SIEM.