www.AmericanSecurityToday.com July 2020 - Edition 46
SIEMs but include workflow automation to enable information exchange and playbook execution.
These workflows can include sharing information with firewalls, EDR solutions, Network Access Controls (NACs), SIEMs, and others.
This level of automation can help reduce information sharing time and the potential for human error while resulting in significant improvements to both attack recognition and response time.
It is notable that at the Gartner 2019 Security Summits, Gorka Sadowski, Senior Director Analyst, highlighted the use case of deception in SOAR platforms, driven by the fidelity of the alerts and the readiness for automation.
Prompt Remediation and the Restoral of Services are Critical
Detecting, responding to, and quickly recovering from an incident are critical for ensuring uninterrupted business operations.
Adding automation can be extremely valuable for reducing the time needed to detect and resolve alerts, creating a framework for consistent and repeatable processes, optimizing the utilization of resources, and reducing the need for human intervention.
It also comes with the benefit of unifying security tools and workflow operations.