SOAR (security orchestration, automation and response) is becoming more popular in security circles. But what is it? What does it do? Is it really a replacement for SIEM (security information and event management)? Ask different vendors, and you get a different story. To find out more, Enterprise Times asked Neelima Rustagi, Senior Director of Product Management, Palo Alto Networks, and Deidre Smith, Senior Vice President, Global Security Services at NTT Limited.
IT security teams are currently drowning under the volume of alerts they receive and have to resolve. The problem with their current technology, SIEM, is that it is often just one of several tools that IT security teams use. That creates problems in how they assess the information coming from multiple tools.
According to Rustagi: “clients are really asking for a single service view. They’re asking for single alerting streams. They’re asking for collaboration. Putting together this threat intelligence as well so that we can aggregate those disparate views for ourselves into a single pane of glass.”
But even when you can bring all that data into a single view, how do you action it? One of the threads that runs through this podcast is the use of playbooks. Both Rustagi and Smith agree that they are critical to how you respond to an incident.
Smith says: “Playbooks certainly make a massive difference in our ability to respond because it gives us the ability to be efficient. It gives us the ability to be consistent when we’re running multiple teams on multiple continents.
“It gives us the ability to speak to the client in the same language, because at the end of the day, an incident is an incident is an incident.”
To hear what Rustagi and Smith had to say, listen to the podcast.
Where can I get it?
You can listen to the podcast by clicking on the player below. Alternatively, click on any of the podcast services below and go to the Enterprise Times podcast page.