Managed security services - threat detection and response

Trend 12: Orchestration, automation, and response technology ease incident management

Incident management has traditionally been executed with defined standard operating procedures or playbooks. However, security analysts following these playbooks manually during an investigation produced inconsistent outcomes and delayed responses.

SOAR technology has changed how security operations work by establishing playbook development standards. Playbooks are broken down into smaller incident response tasks and defined systematically so that the response is automated wherever possible. This creates a granular way of looking at each incident and deciding how it must be investigated. Integrating the SOAR platform with other technology controls has raised the maturity of an organization's security operations program and improved mean time to detect, respond, and resolve.

A Europe-based manufacturer developed a SOAR solution to improve the quality and effectiveness of its cybersecurity investigations. The solution helps the company reduce mean time to detect (MTTD) and mean time to respond (MTTR) by enabling security alerts to be qualified and remediated within minutes.

Trend 13: Advanced security monitoring through cloud-specific protection programs

As organizations move their data to the cloud, that data becomes harder to secure. CASB solutions can help by providing visibility into shadow data and shadow IT.

A CWPP provides multiple capabilities, including:

  • Workload configuration and vulnerability management
  • Network segmentation, firewalling, and traffic visibility
  • Workload behavior monitoring - essentially EDR for servers (also referred to as host-based intrusion detection)
  • Anti-malware scanning
  • System integrity measurement, attestation, and monitoring
  • Application control
  • Log management and review

CSPM platforms assess cloud workloads and provide a view of the risks present in those cloud tenants, such as security misconfigurations, vulnerabilities, lack of encryption, improper encryption key management, and excessive account permissions. Given CSPM's high value, organizations have begun integrating it into their DevOps processes.
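The following is an added illustration, not code from the report or any CSPM vendor: a minimal CSPM-style assessment that walks a constructed tenant inventory and flags four of the risk categories named above (misconfiguration, lack of encryption, key management, excessive permissions), then applies a DevOps-style gate. The inventory shape, field names and the 365-day rotation threshold are assumptions for the example.

```python
"""Minimal CSPM-style assessment over a constructed cloud tenant inventory."""
from datetime import date

# Constructed sample inventory (not from any real provider API); field names are assumed.
TENANT = {
    "storage": [
        {"name": "public-reports", "public_access": True, "encrypted": False, "kms_key": None},
        {"name": "ledger", "public_access": False, "encrypted": True, "kms_key": "key-1"},
    ],
    "keys": [
        {"id": "key-1", "rotation_enabled": False, "last_rotated": date(2021, 1, 1)},
    ],
    "policies": [
        {"principal": "ci-bot", "actions": ["*"], "resources": ["*"]},
        {"principal": "reader", "actions": ["storage:Get"], "resources": ["ledger"]},
    ],
}

MAX_KEY_AGE_DAYS = 365  # assumed rotation threshold for this example


def assess_tenant(tenant, today=date(2023, 6, 1)):
    """Return a list of (category, resource, detail) findings for the tenant."""
    findings = []
    for bucket in tenant["storage"]:
        if bucket["public_access"]:
            findings.append(("misconfiguration", bucket["name"], "public access enabled"))
        if not bucket["encrypted"]:
            findings.append(("lack_of_encryption", bucket["name"], "encryption at rest disabled"))
        elif bucket["kms_key"] is None:
            findings.append(("key_management", bucket["name"], "no customer-managed key"))
    for key in tenant["keys"]:
        age = (today - key["last_rotated"]).days
        if not key["rotation_enabled"] or age > MAX_KEY_AGE_DAYS:
            findings.append(("key_management", key["id"], f"rotation off or key {age} days old"))
    for pol in tenant["policies"]:
        if "*" in pol["actions"] or "*" in pol["resources"]:
            findings.append(("extra_permissions", pol["principal"], "wildcard action or resource"))
    return findings


def summarize(findings):
    """Count findings per category, the view a CSPM dashboard would present."""
    counts = {}
    for category, _, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


def passes_gate(findings, blocking=("misconfiguration", "extra_permissions")):
    """DevOps integration: fail the pipeline when a blocking category is present."""
    return not any(category in blocking for category, _, _ in findings)
```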

A U.S.-based financial services company wanted to set up a basic SOC monitoring system. It partnered with Infosys to set up an incident response plan and integrate log sources into Oracle Cloud Infrastructure (OCI) log analytics. This enables the company to track events and respond to any anomalies identified by the system.

Subscribe

To keep yourself updated on the latest technology and industry trends, subscribe to the Infosys Knowledge Institute's publications.

Infosys TechCompass