Security operations teams that continue to rely on manual processes are squarely sitting behind the proverbial eight ball. The times are a-changing – only hurried along by the COVID-19 pandemic – and Forrester’s Joseph Blankenship and Chase Cunningham are here to share their perspective on the future of the SOC as part of a four-part series with Siemplify.
Part 1 examined the inherent need for automation inside the SOC, collaboration challenges brought on by remote working and how the much-maligned infosec talent shortage may have more to do with an excess of security tools than a dearth of skilled personnel.
Part 2 (watch below) reveals how orchestration and automation intertwine with an organization’s broader security efforts. Specifically, Blankenship and Cunningham review how SOAR is incorporated into and mapped onto two commonly used and venerable models: Zero Trust, which was conceived 12 years ago by Forrester, and the MITRE ATT&CK Framework, a repository of adversary tactics and techniques contributed by security professionals globally. The pair describe the actionable value of making automation and orchestration part of Zero Trust and share best practices for translating MITRE ATT&CK into something that is operationally useful.
Part 3, coming next week, will walk through a real-life ransomware response scenario that was coordinated through SOAR technology.