SOAR – Addressing Your Most Important Security Challenges


Why SOAR

In an environment where enterprises can receive as many as ten thousand alerts each day, as suggested by data obtained from a 2018 RSA survey, and where the market for qualified security team members can yield slim pickings, a prime concern for any venture has to be: "How do we collect and review all of the data required to respond appropriately to these threats?" How do you properly allocate the time and effort of your security team while at the same time identifying, managing, and responding to the imminent tidal wave of threats, as cybercrime and e-commerce walk hand in hand, growing in popularity and coming to the forefront of our daily lives?

A rapidly growing trend for dealing with this very challenge is a class of process automation tool, coined Security Orchestration, Automation, and Response (SOAR) by Gartner researchers, that can detect and respond to low-level security events without human assistance. Automating the process can quickly and efficiently improve your security operations.

As efficient and effective as a SOAR platform can be at improving your operations, the installation and implementation of such a tool does not come without its hurdles. Integrating with existing systems and developing processes that maximize the benefits of a SOAR platform, for example, can be complicated. Challenges such as these are where experts in automating security processes, like those at Siemplify, come into play.

Who is Siemplify?

Brilliance Security Magazine spoke with Siemplify's CMO, Nimmy Reichenberg, to get his perspective on SOAR applications. He explained that Siemplify's founders come from a military defense background, working with the Israeli IDF and defense contractors around the world, and are a leader in training military and civilian security teams, with private clients ranging from small organizations to Fortune 500 and Global MSSR companies.

The vision and charter of Siemplify is to develop software that helps you run your security operations team better right now. With hundreds of integrations, they boast the capability to plug into an astonishing 80-90% or more of the new products available.

Siemplify differentiates itself from the crowd of emerging SOAR providers by helping to manage everything that SOCs do to run effectively. From collaboration to case management to shift handover to metrics and tracking, Siemplify aims to offer a much broader focus that encompasses the efficient operation of your entire security team.

How Can Siemplify’s Solutions help your business?

Siemplify offers an intuitive workbench, explicitly designed with ease of use by analysts in mind, that decreases, if not eliminates, the need for costly high-level engineers. The platform is built to be productive and consistent in making sound, quick decisions when investigating alerts. Their patented workbench directly addresses the skills gap that has been a challenge for security teams: it isn't practical or financially viable to hire engineers and analysts at a rate that keeps pace with the increase in threat cases. Contextualizing data, categorizing it, and providing a visual representation of it empowers teams to quickly and efficiently research and handle situations of every severity.

Once installed, Siemplify links to your existing SIEM tools, databases, and even monitored folders and mailboxes to pull security alerts. While it might seem counter-intuitive to add yet another technology to the mix, Siemplify uses its patented systems to integrate seamlessly, allowing SOC teams to get more out of the technologies they have already invested in, and it is flexible enough that even junior analysts can smoothly run response processes. The system can also run many low-level responses autonomously, allowing SOC teams to allocate their attention elsewhere. Alerts are wrapped up in cases and categorized into a single view for management and audit, saving hours of research time. Through the workbench, response actions can be run directly against alerts, and reports for directors and management can be managed and run according to protocol. All of this happens from one easy-to-use workbench.

The Bottom Line

Siemplify also stresses the ROI of their technology. Using a SOAR solution can close over 70% of a venture's trivial alerts automatically, and cut the costs associated with investigating this vast body of events by as much as 90%. As impressive as that may seem, the technology also boasts the ability to identify, classify, and streamline data for the more meaningful alerts, cutting large blocks of the time analysts need to close those events.

Cutting the explicit cost of SOC team time, as impressive as it may be, is not the end of the story. SOAR solutions also have an implicit impact on savings by reducing the cost of hiring and training analysts, shift handover, time spent on playbooks, low morale within the SOC, and employee retention. SOAR solutions help SOCs document and retain knowledge, increasing consistency and providing information for new hires in the event of staff turnover. While it is easy to quantify the cost of hiring analysts and the time they spend on trivial operations, these implicit costs offer a gold mine of savings for a company's security budget.

Siemplify is a context-driven, holistic security operations platform that promises to simplify the security team's work with a centralized workbench that enables SOCs to better investigate, analyze, and remediate threats. By using automated processes, Siemplify empowers SOC teams to continuously improve and cut costs by reducing complexity, easing caseload burdens, and ushering in faster response times, all while cutting costs in the long run with an easy-to-measure return on investment. In an atmosphere of continuously increasing cyber attacks on commerce, these benefits will prove to be of great worth.

Cody Bowcut, contributing editor