Channel Futures

MSSP Insider


Enrich Your Solutions Portfolio with SOAR

  • Written by Roger Egan
  • March 3, 2020
Automation can help overburdened SOC staff.
Siemplify's Roger Egan

As channel partners across the globe assess their portfolio of products and consider emerging security technologies, checklist criteria likely will include hot new sectors, high margins, big professional services attach rates — and limited competition. If this exercise has led you to the security orchestration, automation and response (SOAR) market, you may be on the right track.

As in many industries, automation is arriving to help cybersecurity teams battle the increasing volume of threats facing their organizations, a rise directly correlated with the expanding attack surface and the increasing number of detection tools in use. This is especially apparent in the security operations center (SOC), which is ground zero for addressing security incidents. The daily battle to efficiently and effectively handle the barrage of alerts entering the SOC is further complicated by skills and resource shortages. Solutions like SOAR are rapidly maturing to address these very challenges and transform security operations for businesses.

How exactly does SOAR work and what can customers expect to achieve from it? To answer that question, we must first dispel some confusion, particularly about how SOAR fits in with security information and event management (SIEM).

Anyone who must manage a SIEM installation in an extensive enterprise environment knows that SIEM alone isn’t getting the job done. The first SIEM solutions were developed around 15 years ago with the promise to make life easier and better for security analysts by providing them with a centralized platform from which to manage and respond to security events. Few would disagree that SIEM represents an improvement over the practice of manually managing security information from multiple, widely disparate systems. Yet many enterprise customers are increasingly finding that centralizing this information has merely replaced one problem with another.

A large computing environment might have 30-50 different security products, from firewalls to email gateways to endpoint protection, each of which produces its own alerts. When all of these alerts are funneled into a central place for handling, the result can be alert overload: security analysts become inundated with notifications from dozens of tools simultaneously, many of which are likely to be redundant, and the analysts must attend to each one individually to find the correlations and weed out false positives. This is a slow, labor-intensive process that can tie up valuable analyst time for extended periods, and the tedious nature of the work can increase employee stress and eventually lead to burnout as analysts become dissatisfied and seek work elsewhere. And the greater the load on the analysts, the greater the danger that a critical alert might be missed or mishandled.
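The correlation work described above, sketched as an added example (not from the original article and not any vendor's implementation): constructed alerts from an email gateway, endpoint protection and a firewall are grouped into cases when they share an entity within a time window, and exact duplicates are collapsed. The field names, entity labels and the 15-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample alerts (not real data): source tool, time, and entities mentioned.
ALERTS = [
    {"id": 1, "tool": "email_gateway", "time": "2020-03-03T09:00:05", "entities": {"sha256:aaa", "user:jdoe"}},
    {"id": 2, "tool": "endpoint", "time": "2020-03-03T09:02:10", "entities": {"sha256:aaa", "host:ws-17"}},
    {"id": 3, "tool": "firewall", "time": "2020-03-03T09:03:40", "entities": {"host:ws-17", "ip:203.0.113.9"}},
    {"id": 4, "tool": "firewall", "time": "2020-03-03T09:03:41", "entities": {"host:ws-17", "ip:203.0.113.9"}},
    {"id": 5, "tool": "endpoint", "time": "2020-03-03T14:30:00", "entities": {"host:ws-42"}},
    {"id": 6, "tool": "firewall", "time": "2020-03-03T18:00:00", "entities": {"host:ws-17"}},
]

def correlate(alerts, window=timedelta(minutes=15)):
    """Group alerts into cases. Two alerts are linked when they share an entity
    and fall within `window` of each other; links are transitive (union-find)."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    last_seen = {}  # entity -> (time, id) of the most recent alert mentioning it
    for a in sorted(alerts, key=lambda a: a["time"]):
        t = datetime.fromisoformat(a["time"])
        for e in a["entities"]:
            if e in last_seen and t - last_seen[e][0] <= window:
                parent[find(a["id"])] = find(last_seen[e][1])
            last_seen[e] = (t, a["id"])

    cases = {}
    for a in alerts:
        cases.setdefault(find(a["id"]), []).append(a)
    return sorted(cases.values(), key=lambda c: min(a["time"] for a in c))

def summarize(case):
    """Collapse exact duplicates (same tool, same entities) and list the tools involved."""
    unique = {(a["tool"], frozenset(a["entities"])) for a in case}
    return {"alert_ids": sorted(a["id"] for a in case),
            "tools": sorted({a["tool"] for a in case}),
            "unique_alerts": len(unique)}

if __name__ == "__main__":
    for case in correlate(ALERTS):
        print(summarize(case))
```

Alert 6 names the same host as the first case but arrives hours later, so it opens a new case rather than being merged; the window is the tuning knob that trades missed links against over-merging.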

Get to Know SOAR

SOAR is designed to solve this alert overload problem and bring efficiency to the alert review process. SOAR doesn’t replace the customer’s SIEM installation — rather, it integrates with it to deliver SIEM’s original promise of providing analysts with coordinated, actionable security intelligence. The letters in SOAR tell the story:

  • Security orchestration: SOAR works with SIEM to connect and integrate various security systems and processes together.
  • Security automation: SOAR automatically handles tasks that would otherwise be performed manually by a security analyst.
  • Security response: SOAR provides an organized framework for both analysts and the SOAR solution itself to address and manage security incidents in a way that limits damage and reduces recovery time and costs.

For example, a typical breach incident might trigger alerts in multiple places. Suspicious files and network activity could bring notifications from enterprise firewalls, email gateways, intrusion detection systems, host-based antivirus software and more. On their own, most SIEM solutions would pass these alerts on to a security analyst without attempting to correlate them or provide any additional intelligence. Faced with a clutter of alerts from the same original incident, multiple analysts within the group would likely pick …
