As the attack surface has grown, so have the technologies built to tackle it. Unfortunately, the multitude of point solutions has in some ways complicated matters for security practitioners, creating segmented data that requires a great deal of time and resources to unite. And with networks and risks constantly in flux, all this work amounts to only a narrow and likely outdated view of an organization’s state of security.

Gartner has introduced a new technology stack for security operations, analysis and reporting dubbed “SOAR.” A SOAR platform is a security operations analytics and reporting platform that utilizes machine-readable and stateful security data to provide reporting, analysis and management capabilities to support operational security teams. SOAR platforms apply decision-making logic and context to provide formalized workflows and enable informed remediation prioritization. In a nutshell, they provide the intelligence that you wish you had in the original technologies.

There are three primary SOAR technology types: security incident response, security operations automation and vulnerability and threat management.

According to the report, SOAR technologies:

  • Rationalize the output of multiple security technologies.
  • Assess the risk posture of assets using vulnerability, configuration, and other operational state data in asset, business and external contexts.
  • Prioritize security operations activities.
  • Automate and enforce remediation and response workflows.
  • Deploy a technology stack composed of two or more SOAR technologies for full SOM coverage.[1]

We believe that with SOAR intelligence like that in the Skybox® Security Suite, security teams can create agile, mature programs built to match today’s fluid networks and evolving threat landscape.

Take, for instance, the announcement of a new CVSS-scored “critical” vulnerability. With new vulnerabilities discovered daily and likely thousands waiting to be addressed in an enterprise network, it’s hard for vulnerability management teams to know how much attention to give this particular announcement. But with Skybox SOAR-style technology, an analysis is run automatically, comprehensively and contextually across the attack surface. In the case of the Security Suite, integrated modules assess:

  • Network and threat intelligence: Is the vulnerability only applicable to certain software versions? How has it been used in the wild, if at all?
  • Network topology and security controls: Where is this vulnerability on your network? Is it already protected through existing controls?
  • Potential business impact: What’s the value of the vulnerable asset? How could a breach be contained?

Evaluating these questions across an entire attack surface prioritizes risks in asset and business context and helps focus mitigation efforts where they matter most for the individual organization.
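The three questions above (is the asset actually affected, is the vulnerability exploited and reachable, what is the asset worth) are what turn a raw CVSS score into a contextual priority. The following is an added illustration of that idea, not Skybox code and not Gartner's model: the weights, the `Finding` fields and the CVE identifiers are constructed for the example. It shows how a CVSS 9.8 finding on a protected, unreachable host can legitimately rank below a CVSS 7.5 finding that is exploited in the wild and exposed to untrusted networks, and how a finding whose software version is not affected drops out entirely.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class Finding:
    """One vulnerability instance on one asset, with the context a
    SOAR-style analysis would attach to it (fields are assumed for this example)."""
    asset: str
    cve: str                       # placeholder identifiers below, not real CVEs
    cvss: float                    # base score as published
    version_affected: bool         # threat intel: does the installed version match?
    exploited_in_wild: bool        # threat intel: known active exploitation?
    reachable_from_untrusted: bool # topology: is there an access path from outside?
    mitigated_by_control: bool     # e.g. an IPS signature or firewall rule already blocks it
    asset_value: int               # business impact, 1 (low) .. 5 (critical)

# Illustrative multipliers; a real program would tune these to its own risk appetite.
EXPLOITED_FACTOR = 1.5
REACHABLE_FACTOR = 1.5
UNREACHABLE_FACTOR = 0.5
MITIGATED_FACTOR = 0.5

def contextual_score(f: Finding) -> float:
    """Scale the base CVSS score by threat, exposure and business context.
    Returns 0.0 when the installed version is not affected at all."""
    if not f.version_affected:
        return 0.0
    score = f.cvss
    if f.exploited_in_wild:
        score *= EXPLOITED_FACTOR
    score *= REACHABLE_FACTOR if f.reachable_from_untrusted else UNREACHABLE_FACTOR
    if f.mitigated_by_control:
        score *= MITIGATED_FACTOR
    score *= f.asset_value / 5      # normalise business value to 0.2 .. 1.0
    return round(score, 2)

def prioritize(findings: List[Finding]) -> List[Tuple[str, str, float]]:
    """Return (asset, cve, score) triples, highest priority first,
    dropping findings that do not apply to the installed version."""
    scored = [(f.asset, f.cve, contextual_score(f)) for f in findings]
    return sorted((s for s in scored if s[2] > 0), key=lambda s: s[2], reverse=True)

# Constructed sample findings for the same hypothetical "critical" advisory.
SAMPLE_FINDINGS = [
    # Critical by CVSS, but behind an existing control and not reachable from outside.
    Finding("db-01", "CVE-PLACEHOLDER-A", 9.8, True, False, False, True, 5),
    # Lower CVSS, but actively exploited, internet-facing and unmitigated.
    Finding("web-07", "CVE-PLACEHOLDER-B", 7.5, True, True, True, False, 4),
    # Same advisory, but the installed version is not in the affected range.
    Finding("lab-03", "CVE-PLACEHOLDER-A", 9.8, False, False, True, False, 2),
    # High CVSS, reachable, no exploitation seen yet, medium-value asset.
    Finding("hr-app", "CVE-PLACEHOLDER-C", 8.1, True, False, True, False, 3),
]

if __name__ == "__main__":
    for asset, cve, score in prioritize(SAMPLE_FINDINGS):
        print(f"{score:6.2f}  {asset:8}  {cve}")
```

Running the block lists web-07 first, then hr-app, then db-01; lab-03 is absent because the version match failed. The point is not the particular multipliers but that each of the three context questions is an explicit input, so an analyst can see why the ranking differs from the raw CVSS order.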

[1] Gartner Innovation Tech Insight for Security Operations, Analytics and Reporting, Oliver Rochford and Paul E. Proctor. November 11, 2015.

Resources

Read the full Gartner SOAR report – Innovation Tech Insight for Security Operations, Analytics and Reporting.

See how Skybox uses attack simulation and access path analysis to understand threats outside and inside your network in real-world context.

Security analytics: visualized. See what Skybox® Horizon can show you in your attack surface, in an instant.