3 min read
Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.
Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of approach can maximize investments by bringing new and existing security tools together, make SOC analysts more productive by moving their workflow into one place, and provide flexibility for organizations as their IT and security programs change. Our vision for a next-generation, open and integrated security platform is built around three key tenets:
Security orchestration, automation and response (SOAR) solutions are built on four engines as defined by Gartner: workflow and collaboration, ticket and case management, orchestration and automation, and threat intelligence management. The fusion of these capabilities improves SOC productivity and incident response (IR) times by bringing together people, process and technology. As such, these engines also provide an ideal basis for a robust security stack. Indeed, SOAR capabilities based on an open architecture and with a flexible, hybrid cloud deployment is the ideal approach for a security platform that fulfills this vision.
Placing SOAR at the heart of a security platform helps teams extend and maximize value across the ecosystem and to any security process while working in a centralized, coordinated manner. Incorporating SOAR capabilities into a next-gen security platform provides a foundation that will deliver several benefits.
Any SOC, especially a virtual one, requires seamless collaboration to guide responses and organize tasks — this is a key capability of a SOAR platform. Rather than starting from scratch, teams can work intelligently by following workflows embedded within dynamic playbooks. Furthermore, security teams can leverage the workflow and collaboration engine of SOAR to communicate with key players in different functions, such as IT, legal, HR or PR, helping to facilitate a coordinated and efficient response.
SOC analysts gain efficiencies from case management capabilities that can be managed from the centralized hub of a SOAR solution, eliminating the need to switch between multiple tools and dashboards. When case management is extended beyond the SOAR solution and into a broader security platform, it provides analysts with a common format to use across all connected capabilities. A strong case management function will also include dashboard and reporting capabilities to track metrics and KPIs, highlight trends and gaps, and elevate the business value of the SOC.
Security teams can maximize the depth and breadth of their ecosystems through an open architecture. An open, standards-based approach allows SOC teams to leverage the capabilities of a diverse ecosystem through integrations across a wide variety of data sources and tools and to capitalize on existing investments. The orchestration of these technologies extends SOAR capabilities while providing security analysts greater visibility into the ecosystem.
Placing SOAR at the heart of a next-gen platform allows customers to extend SOAR benefits beyond the incident response process for which SOAR was created to include any security process, such as vulnerability management, identity management, DevSecOps and more. This not only logically extends this investment to generate additional ROI but also yields KPIs about these processes, which can be used to drive continuous improvement and transform security’s relationship to the rest of the organization.
Industry newsletter
Stay up to date on the most important—and intriguing—industry trends on AI, automation, data and beyond with the Think newsletter. See the IBM Privacy Statement.
Your subscription will be delivered in English. You will find an unsubscribe link in every newsletter. You can manage your subscriptions or unsubscribe here. Refer to our IBM Privacy Statement for more information.
IBM web domains
ibm.com, ibm.org, ibm-zcouncil.com, insights-on-business.com, jazz.net, mobilebusinessinsights.com, promontory.com, proveit.com, ptech.org, s81c.com, securityintelligence.com, skillsbuild.org, softlayer.com, storagecommunity.org, think-exchange.com, thoughtsoncloud.com, alphaevents.webcasts.com, ibm-cloud.github.io, ibmbigdatahub.com, bluemix.net, mybluemix.net, ibm.net, ibmcloud.com, galasa.dev, blueworkslive.com, swiss-quantum.ch, blueworkslive.com, cloudant.com, ibm.ie, ibm.fr, ibm.com.br, ibm.co, ibm.ca, community.watsonanalytics.com, datapower.com, skills.yourlearning.ibm.com, bluewolf.com, carbondesignsystem.com, openliberty.io