Page 55 - Cyber Defense eMagazine - November 2017

THE CRITICAL DIFFERENCES BETWEEN SECURITY ORCHESTRATION AND INTELLIGENT AUTOMATION



by Kumar Saurabh, CEO and Co-founder, LogicHub


Ransomware, IoT attacks, phishing, cloud vulnerabilities—there are plenty of reasons for the increase in SecOps workloads. To reduce this growing burden on security analysts, many SecOps teams are exploring new security architectures and uses of automation.

SecOps teams have a wealth of solutions—and acronyms—to choose from. They can evaluate Security Automation and Orchestration (SAO) products, Security Orchestration, Automation and Response (SOAR) products (recommended by Gartner), or products based on a Security Operations and Analytics Platform Architecture (SOAPA) (recommended by ESG).


SAO, SOAR, and SOAPA vary in several ways, including how much they rely on orchestration and on the various types of automation.

How should a SecOps team decide which approach is right for them?




DIFFERENTIATING ANALYTICS FROM AUTOMATION

A good first step for cutting through the fog is to distinguish analytics from automation. Analytics is a tool that helps analysts with their manual investigations: it produces data and insights for evaluating alerts and IOCs. Most of an analyst's time is spent unproductively sifting out false positives, because each one still has to be investigated by hand.

Today, analytics supports decision making by the analysts. Intelligent automation, however, must go a step further and replace analytics with decision science: the automation itself needs to be advanced enough to accurately weed through the torrents of false positives and mark them as such. Analytics is not automation, and the two should not be lumped into the same bucket when comparing products.



ORCHESTRATION IS NOT ENOUGH

Orchestration connects the various components of a workflow. By bringing disparate systems together in a single pane of glass, orchestration reduces the number of stand-alone products an analyst has to log in to and consult as part of doing his or her job. It also provides a mechanism to hand off tasks between different teams.







Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.