Many organizations struggle with even the idea of building out a Security Orchestration and Automated Response (‘SOAR’) strategy for a number of critical reasons.
- SOAR is often considered a ‘technology capability’ and not a strategy that integrates with the business and security functions.
- SOAR traditionally focuses on the technical capability of tool integration and analysis, but not on the automation of the user workstream. When considered in this light, you can have better reporting on ROI.
- Most SOAR platforms have a limited number of use-cases that may or may not be relevant to your organization. This lack of understanding around the value of a SOAR platform can make the initial purchase a daunting decision, leaving you with purchasing paralysis.
Additionally, common complaints from Chief Information Security Officers (‘CISOs’) about SOAR include, but are not limited to, the following.
- We have already spent $$$ on existing security tools that have integrations. Why do we need a SOAR platform?
- SOAR is too complex.
- We have too many resource constraints, and can’t sacrifice an analyst for a developer.
- SOAR is only an incident response tool. I need something that is going to solve more problems than just one of the hundreds I’m facing.
Sorting through the noise and hype to find true value in a SOAR takes experience, and sometimes an outside perspective.
The CISO Expert approach
- Business and Security Assessment
  - Data collection and review
  - Workshops and interviews
  - Assessment and analysis
- Building Governance
  - Roadmap creation
  - Use case framework specific for your organization
  - SOAR security policy and standards
- Program Buildout
  - Identification and implementation of use-case scenarios
  - Identification of technologies (for any size organization)
Looking for help, or want to continue the discussion? Contact CISO Expert today to get more information.