Security Operations: 6 key capabilities to consider when choosing an orchestration platform

In my previous article, I wrote about the top challenges facing a Security Operations Center (SOC) team and the options for addressing them.

Before going into the capabilities to consider before investing in an orchestration platform, let's look at the typical SOC workflow.

SOC Workflow

To support this workflow, a SOC might use a SIEM (Security Information and Event Management), a SOAR (Security Orchestration, Automation and Response) and/or an XDR (Extended Detection and Response) platform. A SIEM centralizes and correlates logs, a SOAR runs response playbooks across tools, and an XDR correlates telemetry from a vendor's own sensors, but all three tackle the same underlying problem: making sense of the abundance of security events flowing in from many different tools. They overlap in functionality and each has advantages over the others, yet none is a silver bullet that makes SOC operations easy overnight.

These platforms provide higher-fidelity detections, prioritization of real threats among the noise, and incident-response tooling. But while they preprocess the data, a human still has to review, acknowledge and, in many cases, remediate the resulting incidents.

I see these platforms as Augmented Intelligence rather than Artificial Intelligence (AI).

All of them play an assistive role: they surface the most important data so that the human analyst can make the decision. It will be a while before you can ask Alexa to mitigate the day's threats.
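The loop just described, as an added illustrative example (not code from this article or from any SIEM/SOAR/XDR product): two constructed alert feeds with different schemas are normalized into one record shape, correlated per host within a time window, scored so that agreement between independent sources and asset criticality raise the priority, and handed to the analyst as a ranked queue in which the proposed action is a suggestion awaiting approval rather than an automated remediation. The vendor formats, field names, weights, criticality table and sample records are all assumptions made for the example.

```python
"""Toy 'augmented intelligence' triage: normalize alerts from two sources,
correlate them per host, score them, and hand a ranked queue to a human.
Illustrative only; the feed formats, fields and weights are made up."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: an EDR-style JSON export and firewall syslog lines.
EDR_ALERTS = [
    {"ts": "2024-03-01T10:02:10Z", "hostname": "ws-042", "user": "jdoe",
     "verdict": "suspicious", "detail": "powershell.exe -enc ..."},
    {"ts": "2024-03-01T10:03:30Z", "hostname": "ws-042", "user": "jdoe",
     "verdict": "suspicious", "detail": "lsass.exe handle opened"},
    {"ts": "2024-03-01T11:40:00Z", "hostname": "ws-117", "user": "svc-backup",
     "verdict": "low", "detail": "unsigned binary executed"},
]
FW_LOGS = [
    "2024-03-01T10:04:05Z fw01 DENY src=10.0.5.42 dst=198.51.100.7 dport=4444 host=ws-042",
    "2024-03-01T15:20:00Z fw01 DENY src=10.0.5.99 dst=203.0.113.9 dport=443 host=ws-210",
]
# Enrichment a real platform would pull from a CMDB; constructed here.
ASSET_CRITICALITY = {"ws-042": 3, "ws-117": 1, "ws-210": 1}
SEVERITY = {"low": 1, "suspicious": 3, "malicious": 5}


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize_edr(rec):
    """Map the (assumed) EDR schema onto the common alert record."""
    return {"ts": _parse_ts(rec["ts"]), "host": rec["hostname"], "user": rec["user"],
            "source": "edr", "severity": SEVERITY[rec["verdict"]], "detail": rec["detail"]}


def normalize_fw(line):
    """Map the (assumed) firewall syslog line onto the same common record."""
    parts = line.split()
    kv = dict(p.split("=", 1) for p in parts[3:])
    sev = 3 if kv["dport"] in {"4444", "1337"} else 1   # crude: well-known C2 ports
    return {"ts": _parse_ts(parts[0]), "host": kv["host"], "user": None,
            "source": "fw", "severity": sev,
            "detail": f"{parts[2]} to {kv['dst']}:{kv['dport']}"}


def correlate(alerts, window=timedelta(minutes=15)):
    """Group alerts per host into time-window buckets; each bucket is one case."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_host[a["host"]].append(a)
    cases = []
    for host, items in by_host.items():
        bucket = [items[0]]
        for a in items[1:]:
            if a["ts"] - bucket[-1]["ts"] <= window:
                bucket.append(a)
            else:
                cases.append((host, bucket))
                bucket = [a]
        cases.append((host, bucket))
    return cases


def score(host, alerts):
    """Max severity, plus a bonus when independent sources agree, scaled by asset criticality."""
    sources = {a["source"] for a in alerts}
    base = max(a["severity"] for a in alerts) + 2 * (len(sources) - 1)
    return base * ASSET_CRITICALITY.get(host, 1)


def build_queue(edr_alerts, fw_logs, threshold=4):
    """Return cases ranked for the analyst; nothing here executes a remediation."""
    alerts = [normalize_edr(r) for r in edr_alerts] + [normalize_fw(l) for l in fw_logs]
    queue = []
    for host, items in correlate(alerts):
        s = score(host, items)
        queue.append({
            "host": host, "score": s, "alerts": len(items),
            "sources": sorted({a["source"] for a in items}),
            "proposed_action": "isolate host (needs analyst approval)" if s >= 10 else "review",
            "status": "pending_analyst" if s >= threshold else "suppressed",
        })
    return sorted(queue, key=lambda c: -c["score"])


if __name__ == "__main__":
    for case in build_queue(EDR_ALERTS, FW_LOGS):
        print(case)
```

The two low-scoring cases are marked suppressed rather than discarded, so a threat hunter can still pull them later; only the host where the EDR and the firewall independently agree reaches the analyst, and even there the "isolate host" entry is a proposal the human approves, which is the assistive role the paragraph above describes.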

In this article I would like to recommend the capabilities that SOC teams should look for when choosing one of these platforms:

If the above recommendations are built into the SOC workflow, the result is an intelligence augmentation that helps SOC teams act on threats faster and more accurately.

Here is my illustration of the SOC workflow with Augmented Intelligence:

SOC workflow with Augmented Intelligence

A solution built this way connects the dots across tools and becomes something a SOC team can genuinely rely on. By unifying data from multiple vendors, threat hunting becomes both faster and more accurate.

On Cyber Security