SOAR, the dinoSAUR in the room.

Another cyber security breach, a sentence that has become part of our daily lives.

A security breach is any incident that results in unauthorized access to computer data, applications, networks, or devices. It results in information being accessed without authorization.


Typically, it occurs when an intruder can bypass security mechanisms.

Technically, there's a distinction between a security breach and a data breach. A security breach is effectively a break-in, whereas a data breach is defined as the cybercriminal getting away with information. Imagine a burglar; the security breach is when he climbs through the window, and the data breach is when he grabs your pocketbook or laptop and takes it away.


Confidential information has immense value. It's often sold on the dark web; for example, names and credit card numbers can be bought, and then used for the purposes of identity theft or fraud. It's not surprising that security breaches can cost companies huge amounts of money


The sad part of this daily occurrence is the organisations security teams at the frontline of this war is ill equipped to fight the next generation of threats. Organisation’s security teams and leadership must realise that this war has evolved to much more than just the traditional perimeter of your organisation and there SOC response teams on the ground need to be more prepared, better equipped, more agile than any attacker or hacker organization.


This leads me into the title of this article “SOAR the dinosaur in the room. “


Now Gartner classifies SOAR or Security Orchestration, Automation and Response as the following SOAR refers to technologies that enable organizations to collect inputs monitored by the security operations team. For example, alerts from the SIEM system and other security technologies — where incident analysis and triage can be performed by leveraging a combination of human and machine power — help define, prioritize, and drive standardized incident response activities. SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format.


It’s at this very moment that your security analyst will be asking what’s the problem, this is a critical part of our daily operations? It takes highly skilled Tier 1, Tier 2, and Tier 3 security Analysts to keep the organisations SOAR operations running? I want to see you do better at threat hunting, I want you to find threats faster, I want your response to be more detailed and always give you the Who, What, Where, When?


Before you continue, please hear me out.


Traditional SOAR and SIEM solutions are old, out of date and a in a nutshell give originations false sense of security! The faster an organisations SOC team and Security Leadership realise this the faster organisations can equip themselves to be ready for the new age of cyber security. Resources should not be spending months to analyser millions and even billions of events to tirelessly build correlation rules just to realise that 90% of alerts and events are false positives? SOC teams spend millions on having the latest and greatest SOAR/SIEM solution hoping the playbooks and automations will help them find threats faster and I mean not a year after the breach has taken place. Don’t get me wrong Traditional SIEM and SOAR has a place, but SOC teams need to be realistic and accept that the perimeter has shifted, and the new name of the game is called IDENTITY!


The concept of identity has always been difficult to understand but in a nutshell, Identity can be classified as a user, a customer, a IOT device, a person and anything that’s an entity. I can probably go on a wild run bashing why SOAR/SIEM solutions no longer work… but ultimately how do we better our organisations response and how do we utilise the power of identity to EVOLVE your security?


Behavioural analytics gives you a new lens through which to detect, investigate, and respond to threats that may be hiding in your enterprise—before your data is stolen. Using machine learning, UEBA distils billions of events into a prioritized list of high-quality security leads to focus and accelerate the efforts of your security operations centre (SOC). This intelligence uses big data and machine learning models, combined with a highly intuitive user interface (UI), to accelerate threat detection and investigation from weeks to minutes. It is uniquely positions your SOC to find the threats that matter your organizations valuable data. Ultimately, it helps your SOC team protect, limited security or financial resources, and significant surface area to monitor. Unlike other solutions UEBA works with you SOAR solution to bypasses rules and thresholds and instead assesses the potential risk of a user or entity in your enterprise based on mathematical probability and unsupervised machine learning models. This approach, combined with big-data architecture, allows your security team to detect threats with speed and at scale.


In conclusion UEBA helps your SOC teams

  • Find elusive, unknown threats

  • Contextualized events of the riskiest behaviours

  • Cut through the noise

  • Boost SOC productivity

Security Leaders enable your SOC teams to Respond before the damage is done, UEBA was made by threat hunters to help you EVOLVE YOUR Security.

#UEBA #SIEM #SOAR #IAM

Brendon Meyer

27 views

Recent Posts

See All