582 words, 2.2 minutes read. By Gerard Blokdyk
Security Orchestration Automation and Response 1 big thing: Design efficient content models, security models, workflows and templates.
The big picture: Secure that your team is involved in presentation of information security to diverse group of non security professionals in IT settings and/or stakeholders.
Why it matters: Work with a development team to translate those needs into clear problem solution statements in the form of user stories and designed user experiences.
Under the hood: Be sure your team executes and improves the core functions of incident response including: threat detection and prevention, incident response, systems and network security monitoring, forensics and vulnerability management at enterprise scale.
Top Security Orchestration Automation and Response Must Haves
Security Orchestration Automation and Response Executives tell us every quarter about their must haves.
Here are their most urgent ones:
Learn the Top Emerging Security Orchestration Automation and Response Risks HERE: store.theartofservice.com/Security-Orchestration-Automation-and-Response-critical-capabilities/
Top thinkers are using The Art of Service Critical Capabilities Analysis, the guide that’s helping leaders stay ahead of what’s next.
This guide will help you plan your roadmap. The Critical Capabilities and Priorities Guide enables leaders to shortlist hundreds of appropriate results, already prioritized.
Get started: store.theartofservice.com/Security-Orchestration-Automation-and-Response-critical-capabilities/
What to watch: Partner with information security team on identifying on prem and cloud infrastructure security risks areas, create the risks mitigation plans and execute them.
State of play: Collaborate with internal and external stakeholders, such as information security, information technology, marketing, product management, engineering (product security), devops teams (SaaS security), and external audit partners.
On the flip side: Oversee that your operation collaborates on the security hardening of onsite services as well as cloud based services as O365, AWS, and Azure.
What we’re hearing: “Make sure the platform gives businesses of all sizes access to hundreds of pre-built automations that combine email marketing, marketing automation, CRM, and machine learning for powerful orchestration, segmentation and personalization across social, email, messaging, chat, and text.“, Alice S. – Cyber Security Services Manager
The backdrop: Lead the design and development of approved Security Service Line Security-as-a-Service Solutions, working with the teams Portfolio Managers to ensure the solutions scope aligns with the business vision.
Go deeper: Assure your process works with (internal) clients IT, software development and enterprise architecture teams to ensure security is foundational and comprehensive throughout product and technology related solutions.
How it works: Utilize automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet the rapidly changing needs of your (internal) clients.
Yes, but: Ensure you are able to tune correlation rules and outcomes via security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms.
Between the lines: Ensure you are involved in the design on all levels from core platform configurations to integrations, and automation including driving the user to be self service.
Be smart: Secure that your group is responsible for the joint team effort to normalize data from vulnerability assessment, penetration test, incident response, and application security project deliverables.
The bottom line: Be confident that your design is involved in processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.
What’s next: Integrate new logging sources and build playbooks to properly triage and respond to security incidents while reducing the time needed to analyze each event.
ICYMI: Interface so that your operation is involved in core security platforms as SIEM (Security Information and Event Management), SOAR (Security Orchestration Automation and Response), and Endpoint/malware management.
A MESSAGE FROM THE ART OF SERVICE
Get started: store.theartofservice.com/Security-Orchestration-Automation-and-Response-critical-capabilities/
Trusted by: Palo Alto Networks, TransUnion, GuidePoint Security, Amazon Web Services, Inc., Air Methods, Deloitte, EY Global Services Limited prod, ATand T, Ortho Clinical Diagnostics, Exabeam, LPL Financial, GE Renewable Energy, Amex, First Quality, USAA, Netsmart Technologies, Microsoft, KPMG, Dell Technologies, Confluent, Leidos, Vertex Pharmaceuticals, Disneyland Resort, UST Global, IDC, Credit Suisse, OnPrem Solution Partners, Comcast, Northrop Grumman, Charles Schwab