https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2023 MSP 501 Application
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2023 MSP 501 Application
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

MSSP Insider


Shutterstock

AI and Cybersecurity

Enrich Your Solutions Portfolio with SOAR

  • Written by Roger Egan
  • March 3, 2020
Automation can help overburdened SOC staff.
Siemplify's Roger Egan

Roger Egan

As channel partners across the globe assess their portfolio of products and consider emerging security technologies, checklist criteria likely will include hot new sectors, high margins, big professional services attach rates — and limited competition. If this exercise has led you to the security orchestration, automation and response (SOAR) market, you may be on the right track.

As in many industries, automation is arriving to help cybersecurity teams battle the increasing volume of threats facing their organizations, a rise directly correlated with the expanding attack surface and increasing numbers of detection tools in use by organizations. This is especially apparent in the security operations center (SOC), which is ground zero for addressing security incidents. The daily battle to efficiently and effectively handle the barrage of alerts entering the SOC is further complicated by skills and resource shortages. Solutions like SOAR are rapidly maturing to help dispose of these very challenges and transform security operations for businesses.

How exactly does SOAR work and what can customers expect to achieve from it? To answer that question, we must first dispel some confusion, particularly how SOAR fits in with security information and event management (SIEM).

Anyone who must manage a SIEM installation in an extensive enterprise environment knows that SIEM alone isn’t getting the job done. The first SIEM solutions were developed around 15 years ago with the promise to make life easier and better for security analysts by providing them with a centralized platform from which to manage and respond to security events. Few would disagree that SIEM represents an improvement over the practice of manually managing security information from multiple, widely disparate systems. Yet many enterprise customers are increasingly finding that centralizing this information has merely replaced one problem with another.

A large computing environment might have 30-50 different security products, from firewalls to email gateways to endpoint protection, each of which produce its own alerts. When all of these alerts are funneled into a central place for handling, it can create alert overload: security analysts become inundated with notifications from dozens of tools simultaneously, many of which are likely to be redundant, and the analysts must attend to each one individually to find the correlations and weed out false positives. This is a slow, labor-intensive process that can tie up valuable analyst time for extended periods, and the tedious nature of the work can increase employee stress and eventually lead to burnout as analysts become dissatisfied and seek work elsewhere. And the greater the load on the analysts, the greater the danger that a critical alert might be missed or mishandled.

Get to Know SOAR

SOAR is designed to solve this alert overload problem and bring efficiency to the alert review process. SOAR doesn’t replace the customer’s SIEM installation — rather, it integrates with it to deliver SIEM’s original promise of providing analysts with coordinated, actionable security intelligence. The letters in SOAR tell the story:

  • Security orchestration: SOAR works with SIEM to connect and integrate various security systems and processes together.
  • Security automation: SOAR automatically handles tasks that would otherwise be performed manually by a security analyst.
  • Security response: SOAR provides an organized framework for both analysts and the SOAR solution itself to address and manage security incidents in a way that limits damage and reduces recovery time and costs.

For example, a typical breach incident might trigger alerts in multiple places. Suspicious files and network activity could bring notifications from enterprise firewalls, email gateways, intrusion detection systems, host-based antivirus software and more. On their own, most SIEM solutions would pass these alerts on to a security analyst without attempting to correlate them or provide any additional intelligence. Faced with a clutter of alerts from the same original incident, multiple analysts within the group would likely pick …

  • Page 1
  • Page 2
Tags: MSPs Business of Security Cloud and Edge MSSP Insider Network Security

Most Recent


  • Making Waves
    8 Channel People Making Waves This Week at Lumen, Accenture, Amazon, Canalys, More
    Cisco led a “crowded” secure access service edge (SASE) market in terms of revenue in 2022, experts said.
  • network in the cloud
    Fortinet, Huawei, Palo Alto, VMware Lauded in Gartner Peer Insights SD-WAN Study
    Thousands of customers have weighed in on how their SD-WAN vendors have performed.
  • Do AWS, Azure, Google, Oracle, Others, Have Too Much Market Power?
    The FTC, concerned about cloud vendors’ sway over customers, is seeking public comment.
  • Unemployed, layoffs
    Veeam Layoffs Impact 200 Workers, Company Remains 'Strong, Profitable'
    Veeam continues to hire for roles in R&D.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Security Vulnerability
    Older Fortinet Vulnerabilities Lead to Attack on Local Government Office
  • Threats
    Cybersecurity and Threat Protection: MSSPs, Get Your Advice Here
  • DevSecOps
    ServiceNow, Microsoft Set to Deliver Broad SecOps Integration
  • Dunce Cap Businessman
    Tired of MSSPs ‘Failing,’ Nuspire Debuts Platform to Combat Cyberattacks

Upcoming Events

View all

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Galleries

View all

8 Channel People Making Waves This Week at Lumen, Accenture, Amazon, Canalys, More

March 24, 2023

National Women’s History Month: Channel Women Have Stories to Tell

March 24, 2023

VEC Attack Tries to Steal $36 Million, Ferrari, Dole Hit with Ransomware Attacks

March 23, 2023

Industry Perspectives

View all

Selling Your MSP: Strategic vs. Financial Buyers

March 22, 2023

10 Strategic Smart Enterprise Drivers for 2023

March 16, 2023

Does Your Company Have a Virtual Water Cooler?

March 13, 2023

Webinars

View all

Equipping the Hybrid Workforce: What It Takes to Execute

March 28, 2023

Give Customers the Power: How MSPs Can Leverage Cloud Choice

April 4, 2023

DE&I Dialogue: How the Right DE&I Initiatives Can Propel Your Business

April 5, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode 121: Hewlett Packard Enterprise

Aryaka ‘Driving Value to the Channel Community’ with Throttle

March 24, 2023

Real-Life M&A: Advice for a Successful Channel Deal

March 13, 2023

Coffee with Craig and James Episode 120: Ronnell Richards

March 3, 2023

Twitter

ChannelFutures

Channel people making waves include: @jmcbain, @NetworkMoe, @ajassy, @JulieSweet, @Elvia_Valdes_M, @GovITDave… twitter.com/i/web/status/1…

March 24, 2023
ChannelFutures

We delve into AI impacting the channel, this week featuring @nvidia, @GoTo, @twilio and more.… twitter.com/i/web/status/1…

March 24, 2023
ChannelFutures

[email protected]_Inc's Peer Insights are a treasure trove for partners looking to sell #SDWAN. dlvr.it/SlRDmk https://t.co/oElLXzOIbb

March 24, 2023
ChannelFutures

#CPExpo preview: @GlobalIndirect of @AryakaChannel with a preview of the next phase of the company's channel progra… twitter.com/i/web/status/1…

March 24, 2023
ChannelFutures

U.S. competition regulators want to know if @AWSCloud, @Azure, @GoogleCloud, @OracleCloud hold too much market powe… twitter.com/i/web/status/1…

March 24, 2023
ChannelFutures

📣 Join us on April 13th to hear from the 2023 Channel Influencers and get their insights on the state of the channe… twitter.com/i/web/status/1…

March 24, 2023
ChannelFutures

#CPExpo preview: Learn about why @USWired accepted an #acquisition deal and what partners should look for in an M&A… twitter.com/i/web/status/1…

March 24, 2023
ChannelFutures

.@Veeam lays off 200 workers to increase efficiency. #backupandrecovery dlvr.it/SlQWZW https://t.co/QTJx1NX69q

March 24, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X