Like CIOs and CTOs before them, CISOs are evolving from
contributors with a limited portfolio of responsibility to highly
integrated and strategic drivers of business transformation.
The most successful organizations are recognizing that
genuine digital and business transformation depends on
security modernization.
PwC found that 40 percent of executives are
seeking CISOs capable of leading cross-functional,
agile teams that are not only keeping pace with
digital transformation, but, in many cases, pointing
the way forward.
A survey conducted for the Information Security
Systems Association revealed that security
professionals worldwide ranked communication and
leadership skills as the most important traits of a
successful CISO.
The four qualities executives value the most:
1. Strategic thinking
2. The ability to take smart risks
3. Leadership skills
4. The ability to identify and grow innovation
The ISSA survey also found that a majority of security
analysts want to take on more strategic roles, and they
recognize that they will need to develop leadership,
communication, and business skills to become leaders
of growth and transformation.
Nearly a third of cybersecurity professionals told the ISSA that keeping up with an “overwhelming workload” was the most stressful part of their job. That overwhelming workload can be counted in the hundreds — even thousands — of alerts per day that demand prioritization, investigation, and response.
What is preventing your organization from investigating and responding to ALL suspicious
alerts every day?
The challenge of unending alerts is compounded by a shortage of cybersecurity talent. There simply aren’t enough qualified cybersecurity professionals to adequately staff SOCs around the world. This well-documented talent gap, combined with the sheer volume of alerts per day, explains why 64 percent of security tickets generated per day are not being worked. Analysts aren’t able to address every alert every day, leaving their companies vulnerable to attack.
With security teams struggling to keep up with alerts, CISOs can’t provide strategic guidance and analysts don’t have the time to perform critical engineering and optimization tasks, tune automated alert responses, and proactively hunt for threats.
The answer to these challenges is security orchestration, automation, and response (SOAR).
SOAR platforms, like Splunk SOAR, shift the balance of power in security. By removing mundane and routine tasks from the analyst’s to-do list, and by orchestrating security tools to work together, security teams can spend more time improving the organization’s security posture and driving the business forward.
By one estimate, the annual cost of stopping phishing attacks is nearly $700,000. Ransomware can also be expensive and cause lasting reputational damage. SOAR saves time and money. The amount of time saved is measured in the manual workload equivalent of a full-time employee. For example, with a SOAR platform, a team of three analysts in a SOC can have the impact of a team of 10 to 15 analysts who perform all tasks manually.
There’s going to be a point when you’ll be overwhelmed with the amount of work that exists and won’t be able to hire more people. Automation is the only solution.
The Splunk SOAR main dashboard provides
security teams with an overview of SOC activity,
notable events, and playbooks, and a summary of
return on investment from automated actions. The
Automation ROI Summary shows the real-time impact
of automation as the SOC uses it, such as time
saved, dollars saved, FTE (full-time employees)
gained, and mean dwell time.
With 1.5 million customers, Norlys is Denmark’s largest utility and telecom company. After building their own log analytics and incident response systems, the Norlys security team was hobbled by repetitive tasks, too many tools, slow web UIs, and cumbersome processes. With Splunk, Norlys automated repetitive tasks and centralized investigations.
The results:
For CISOs to be the strategic partner businesses need,
and for security analysts to find opportunities for
professional development, orchestration and automation
are essential. Splunk SOAR allows security teams to
realize the full potential of investments in security tools
and security talent.