Rising Cyberthreats Accelerate Demand for SOAR Solutions
August 3, 2020
SOAR, partnered with Infoblox data, can help organizations efficiently respond to the rising number of cyberthreats.
Today, 92% of companies get more than 500 cyberthreat alerts per day, but a single security analyst can handle only about 10. As the number of cybersecurity threats facing companies has risen, so too has the demand for professionals to address them.
In fact, the global IT security skills shortage has surpassed 4 million open positions, according to ISC2. Given that so many cybersecurity jobs go unfilled, there are simply not enough humans to keep up with the huge number of alerts. Your customers need integrated and automated security solutions to keep up and respond to threats efficiently. Together with Infoblox, analysts at Forrester recently studied this issue and issued a white paper on the topic. As the researchers found:
● 74% of security operations teams spend more than 4 hours investigating a single threat incident.
● 58% of security and risk leaders use a mix of manual and automated incident response processes.
● Only 31% of incident response processes are automated.
———————————-
Download the Accelerate Threat Resolution With DNS white paper by Forrester here.
———————————-
Infoblox’s foundational security solutions are packed with over 30 partner integrations, including with SOAR platforms, and offer a great way to help our mutual customers overcome the challenges of rising cyberthreats with the resources they have today.
According to Gartner, SOAR (Security Orchestration, Automation and Response) solutions are those that enable IT security to reduce incident response time by taking mitigation actions using automated workflows. They work by integrating security products that detect security incidents with products that can respond to these incidents using automated scripts/APIs.
SOAR to Speed Up Incident Response
IT security organizations are looking to improve threat detection efficiencies and speed up incident response by replacing repetitive manual tasks with automated workflows. This helps them focus their security analysts’ limited attention on the tougher security problems that truly require their deeper analysis and triage skills.
SOAR solutions represent a substantial leap forward in cybersecurity by automating the mundane mitigation tasks required to reduce the time it takes to respond to an incident. They include a combination of technologies that provide the following types of functions, as shown in Figure 1, below.
● Security Orchestration and Automation (SOA): technologies that handle the orchestration and automation of workflows using scripted playbooks, processes, and policy execution, and that enable reporting.
● Security Incident Response (SIR): enables organizations to apply some form of enforcement to mitigate the threat. Some may lock out a user whose credentials have been compromised or quarantine an infected laptop that’s beaconing to a C&C server.
● Threat Intelligence Platforms (TIP): take one or more threat feeds and curate them through further analysis, looking for unusual patterns and mining valuable data that’s used to respond to a threat.
Figure 1
Infoblox Contextual Intelligence
To fully deliver the promise of SOAR, IT teams need contextual data and precise visibility into the rogue user/system/device’s network activity. This data comes from the deep contextual intelligence gathered by the network infrastructure services in the Infoblox DDI platform: Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and IP Address Management (IPAM), collectively referred to as DDI.
As shown in Figure 2, Infoblox can provide SOAR solutions with crucial device and security event information automatically and in real time. Any SOAR platform can use IP address, network device, and malicious event data provided by Infoblox DDI to block or unblock domains; check information on IP, host, network, and domains; or share with other security tools in the stack.
Figure 2
The Infoblox BloxOne™ Threat Defense security solution enables threat intelligence sharing throughout the security stack and delivers many unique automation capabilities. It also integrates with a number of partner solutions, including SOAR solutions, to help modern security stacks better coordinate to address the realities of modern security requirements.
Infoblox Partner Integrations Powering SOAR Solutions
Infoblox Ecosystem Exchange is a set of partner integrations that enable organizations to eliminate silos, optimize SOAR solutions, and improve the ROI of their cybersecurity ecosystem of products provided by a number of vendors.
Infoblox offers more than 30 API-level partner integrations, as shown in Figure 3, below, enabling IT security and network teams to reap the following benefits:
● Reduce cost associated with manual intervention and human errors
● Decrease the time to remediate by two-thirds with automated API-based response
● Make threat analysts three times more productive by providing contextual intelligence
● Get better ROI on existing security and network investments
● Optimize SOAR solutions by automatically sharing contextual threat information
Figure 3
———————————-
Infoblox’s extensive integrations enable the broader cybersecurity ecosystem to work in unison to detect and remediate threats. Read this Solution Note on the Infoblox Ecosystem to learn more about the 30-plus API-level vendor integrations that Infoblox offers to expedite automated threat response.
———————————-
The Infoblox Ecosystem Exchange is a highly connected set of integrations that enable organizations to eliminate silos, optimize SOAR solutions, and improve the ROI of their entire cybersecurity ecosystem, including third-party, multivendor assets. As security and risk leaders continue to defend IT infrastructure from the rising number of cyberthreats, SOAR solutions, coupled with Infoblox data, can prove to be an indispensable tool that can help stretch your customers’ limited resources even further.
Srikrupa Srivatsan has 20-plus years of experience in technology in various roles including software development, product management, and product marketing. Currently, as director of product marketing at Infoblox, she is responsible for messaging, positioning, and bringing to market Infoblox’s security solutions that optimize operations and provide foundational security against known and zero-day threats. She has an MBA from University of California, Haas School of Business, and a Computer Science Engineering degree.
