Many automation tools, such as SOAR, suffer from an ironic Catch-22: you know that automation will save your team huge amounts of time, but it’s difficult to implement and requires skills you don’t necessarily have in-house. Essentially, you can’t afford the tools that will save you money. Ay, there’s the rub! You may have seen tools promising “no-code” capabilities with intuitive GUIs that help non-programmers build abstract functions.

Cloud adoption and digital transformation have enlarged attack surfaces that can be exploited by malicious actors to harm your organization. Traditional SIEMs and EDRs fall short as they are not cloud-native and also difficult to scale. Further, there are inherent fixed costs that need to be considered when adopting any modern threat detection apparatus.

This past June I presented a.conf22 session called “A Beginner’s Guide to SOAR: Automating the Basics” to address perceptions about SOAR adoption among security practitioners. This was my first in-person presentation to a live audience in several years because of the pandemic and I was encouraged to find that the session was among the highest attended at the event with well over 200 attendees in the room.

So you’ve set up a Security Orchestration, Automation and Response (SOAR) platform. You’re now ready to detect, respond to and remediate whichever threats cyberspace throws at you, right? Well, not necessarily. In order to deliver their maximum value, SOAR tools should be combined with playbooks, which can be used to drive SOAR systems and ensure that SOARs remediate threats as quickly as possible — in some cases, without even waiting on humans to respond.

Tines empowers anyone to automate their manual work, regardless of complexity, without writing a single line of code. Many teams starting on their SOAR journey often don't know what processes can be automated and find it challenging to translate their manual work into software-based solutions. In cybersecurity, automating repetitive processes at scale is a relatively new idea with little public research to support it.

When everything is going well, it's pretty easy to plan and manage routine activities in any business process. But stress kicks in when we encounter an unexpected incident that risks radically damaging the functioning of the organization. It is quite difficult to decide what step to take under intense stress. An unexpected incident that breaks through the barriers of the cybersecurity posture can cause all digital functions of the organization to stop.

The SOAR market is undergoing a radical transformation fueled by the rise of best-in-class tools that are laser-focused on helping security teams to solve a core problem. Until recently, SOAR was driven by all-in-one solutions, claiming to be silver bullets but offering suboptimal functionality and user experiences.

You know that us Splunkers love to go deep into use cases and figure out what helps our customers the most. However in today’s business world, industry recognition goes a long way in proving the value in the products and services we use. For example if you were Munich Airport, then it would speak volumes to others if your airport was named as a “First Five-Star Airport” or if you were Dachser Logistics and went on to win the “One Eaton Supplier Premier Award”.