Book Image

Security Orchestration, Automation, and Response for Security Analysts

By : Benjamin Kovacevic
Book Image

Security Orchestration, Automation, and Response for Security Analysts

By: Benjamin Kovacevic

Overview of this book

What your journey will look like With the help of this expert-led book, you’ll become well versed with SOAR, acquire new skills, and make your organization's security posture more robust. You’ll start with a refresher on the importance of understanding cyber security, diving into why traditional tools are no longer helpful and how SOAR can help. Next, you’ll learn how SOAR works and what its benefits are, including optimized threat intelligence, incident response, and utilizing threat hunting in investigations. You’ll also get to grips with advanced automated scenarios and explore useful tools such as Microsoft Sentinel, Splunk SOAR, and Google Chronicle SOAR. The final portion of this book will guide you through best practices and case studies that you can implement in real-world scenarios. By the end of this book, you will be able to successfully automate security tasks, overcome challenges, and stay ahead of threats.
Table of Contents (14 chapters)
Part 1: Intro to SOAR and Its Elements
Part 2: SOAR Tools and Automation Hands-On Examples

The Current State of Cybersecurity and the Role of SOAR

Ransomware, data leaks, phishing, denial of service… these are some of the terms that everyone, even those who aren’t in the IT industry, will have repeatedly heard in the last few years. Everyone has received an email from a Nigerian prince or some long-lost rich, relative from Africa at least once. These are basic examples of cyberattacks called phishing attacks, which still have an acceptable success rate. If we were to talk about more tailored phishing attacks (common ones being a request to change your password or a notification that your account will be deleted if you don’t click on a link), those have an even better success rate – why is that so? Because bad actors are smart.

The first aspect to consider is that they will use many techniques to make their email seem as legitimate as possible, and the second, which is not connected to IT, is the psychological part. The psychological part manifests itself in a few different ways. It can be someone pretending to be your boss (using spoofing methods), an email containing a sense of urgency, or an email sent at the end of working hours when employee concentration is at its lowest. Because of this, organizations are on the lookout for more advanced systems to help them respond to these in a matter of minutes. That is where Security Orchestration, Automation, and Response (SOAR) comes in to save the day.

In this chapter, we will cover the main aspects of changes within cybersecurity and how those changes impact our everyday lives. A few years back, cyberattacks mainly impacted organizations, but today, their impact is felt by ordinary people as well. And this is something that will not change overnight. As one way of fighting back and improving their security posture, organizations can use many security tools. One of them is SOAR, and we will explain why SOAR is a must in every organization today.

In a nutshell, this chapter will cover the following main topics:

  • Traditional versus modern security
  • The state of cybersecurity
  • What is SOAR?