Since the adoption of robotic process automation, there has been a subtle expectation that automation is the future for many tasks that involve human processes. After all, if we can automate how we process payments or troubleshoot a problem, we should be able to save time and free people for other work.
Abhishek Narula, chief technology officer of Fortinet’s SOAR business unit, describes how security operations work:
In the detection phase, big data and analytics are used to spot what could be going wrong. Alerts are sent to analysts, who follow a step-by-step process (a workflow or playbook) to understand what is happening and eventually decide whether an incident is benign or a threat.
According to Narula, SOAR (security orchestration, automation and response) follows this recipe and converts the handling of an event into a flow chart, or an automation playbook. He is clear that for SOAR to work there must already be a process: no process in place, no SOAR.
He opines that for SOAR to be applicable, there needs to be some level of maturity in how an organisation processes cybersecurity events. “A threat is never a single alert,” asserts Narula. “The ability to put events together as a threat chain forming an adversarial action is the capability that SOAR brings.”
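To make the two points above concrete (a playbook is a codified step-by-step process, and a threat is a chain of correlated events rather than a single alert), here is a small added example of a SOAR-style playbook in Python. It is not code from Fortinet, from the interview, or from any product; the alert format, the alert-type-to-stage mapping, the 30-minute correlation window, the decision rule and the response actions are all assumptions made for the illustration, and the alerts are constructed sample data, not real telemetry.

```python
"""
Minimal SOAR-style playbook: correlate individual alerts into a per-host
"threat chain", then run a fixed sequence of steps to decide benign vs. threat.

Added illustration, not Fortinet's or any vendor's code. The alert format,
stage mapping, window, decision rule and actions are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping from alert type to an attack stage (roughly kill-chain ordered).
STAGE_OF = {
    "phishing_email": "initial_access",
    "macro_execution": "execution",
    "new_scheduled_task": "persistence",
    "lsass_access": "credential_access",
    "outbound_rare_domain": "command_and_control",
    "failed_login": "noise",  # a lone failed login is usually benign
}

# Constructed sample alerts (not real telemetry).
SAMPLE_ALERTS = [
    {"ts": "2024-05-01T09:00:00", "host": "ws-042", "user": "jdoe", "type": "phishing_email"},
    {"ts": "2024-05-01T09:03:10", "host": "ws-042", "user": "jdoe", "type": "macro_execution"},
    {"ts": "2024-05-01T09:04:55", "host": "ws-042", "user": "jdoe", "type": "outbound_rare_domain"},
    {"ts": "2024-05-01T11:20:00", "host": "ws-017", "user": "asmith", "type": "failed_login"},
    {"ts": "2024-05-01T15:00:00", "host": "ws-042", "user": "jdoe", "type": "failed_login"},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def correlate(alerts, window=timedelta(minutes=30)):
    """Group alerts per host in time order; start a new chain when the gap
    between consecutive alerts on the same host exceeds `window`."""
    by_host = defaultdict(list)
    for alert in sorted(alerts, key=lambda a: _parse(a["ts"])):
        by_host[alert["host"]].append(alert)
    chains = []
    for items in by_host.values():
        current = [items[0]]
        for prev, cur in zip(items, items[1:]):
            if _parse(cur["ts"]) - _parse(prev["ts"]) > window:
                chains.append(current)
                current = []
            current.append(cur)
        chains.append(current)
    return chains


def run_playbook(chain):
    """Playbook steps: enrich each alert with a stage -> score the chain ->
    decide -> recommend response actions (returned, not executed)."""
    stages = []
    for alert in chain:
        stage = STAGE_OF.get(alert["type"], "unknown")
        if stage != "noise" and stage not in stages:
            stages.append(stage)
    # Decision rule (assumption): two or more distinct attack stages on one
    # host inside the window, or any command-and-control activity, is a threat.
    is_threat = len(stages) >= 2 or "command_and_control" in stages
    host = chain[0]["host"]
    if is_threat:
        actions = [f"isolate_host:{host}"]
        actions += [f"reset_credentials:{u}" for u in sorted({a["user"] for a in chain})]
        actions.append("open_incident")
    else:
        actions = ["close_as_benign"]
    return {
        "host": host,
        "alert_count": len(chain),
        "stages": stages,
        "verdict": "threat" if is_threat else "benign",
        "actions": actions,
    }


def triage(alerts):
    """Run the playbook over every correlated chain."""
    return [run_playbook(chain) for chain in correlate(alerts)]


if __name__ == "__main__":
    for result in triage(SAMPLE_ALERTS):
        print(result)
```

Run on the sample data, the three ws-042 alerts within five minutes collapse into one chain covering initial access, execution and command-and-control, so the playbook returns a threat verdict with isolation and credential-reset actions, while each isolated failed login is closed as benign. The decision rule and actions are deliberately simple; in a real deployment they would be the organisation's own documented process, which is exactly the prerequisite Narula describes.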