How to Soar Your Business with SOAR
Nine out of 10 IT and security leaders believe their organizations are falling short in addressing cyber risks, according to IDG’s 2021 Security Priorities Study.
As a result, they’re increasingly outsourcing security to managed services providers who can provide the expertise that may be missing due to skills and talent shortages. In fact, 21% of organizations will have fully outsourced their security functions by 2022.
They’re also implementing proactive security strategies and tools, such as zero trust and SOAR. SOAR stands for security orchestration and automated response; according to Gartner, it refers to solutions that:
“…combine incident response, orchestration and automation, and threat intelligence (TI) management capabilities in a single platform. SOAR tools are also used to document and implement processes (aka playbooks, workflows and processes); support security incident management; and apply machine-based assistance to human security analysts and operators. Workflows can be orchestrated via integrations with other technologies, and automated to achieve desired outcomes, such as:
- Incident triage
- Incident response
- TI curation and management
- Compliance monitoring and management”
Ongoing issues: Fewer resources, increasing attacks, multiple tools
The problems for today’s organizations are immense. The Ponemon Institute’s 2020 Cyber Resilient Organization Study reports that, on average, organizations deploy 45 cybersecurity tools on their networks, creating a complexity that hinders their ability to detect and defend against active attacks. When compared to companies employing fewer tools, organizations that deploy 50+ tools ranked themselves 8% lower in their ability to detect threats and 7% lower in their defensive capabilities.
In addition, organizations continue to struggle with an ongoing dearth of security talent. Analysts estimate that, by 2025, 3.5 million cybersecurity jobs will go unfilled globally.
This already massive talent shortage is being exacerbated by pandemic-related attrition. Recent research suggests that half of first-time security analysts plan to leave after just three months, and none plan to stay longer than 18 months. Why?
- Mundane tasks (51%)
- Frustration with events outside their control (45%)
- Inability to allocate time effectively (30%)
- Pressure cooker environment (29%)
The attrition problem isn’t just limited to junior analysts, however. Nearly half (48%) of more seasoned security analysts are considering leaving within the year due to:
- Reduced workforce fueling increasingly high workloads (46%)
- On-the-job pressures (42%)
- More time spent on non-productive tasks (40%)
- Disrupted work-life balance (34%)
Just getting back to pre-pandemic levels would require herculean effort.
This considerable drain on cybersecurity competency has left far fewer resources to combat an increasing number of attacks while managing many more tools.
The value of SOAR platforms
Mitigating talent and skills gaps and ongoing attrition issues is precisely where SOAR can help. Coupled with zero trust, SOAR combines the data coming from multiple tools into conditions, so that “if this happens,” an automated response “to do this” occurs.
One particularly common use case for SOAR tools is email, through which a large majority of breaches occur. If phishing is suspected, a SOAR platform can determine who has already opened the suspicious email, enabling you to investigate further. You can then isolate and delete any unread emails from inboxes before users can open them. Once the problem has been found and cataloged, an automated action can limit the potential for the attack to spread and reduce risk to the organization.
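The phishing workflow described above, sketched as an added example (it is not from the original article or from any SOAR product). The record fields, `run_phishing_playbook`, `fake_quarantine` and the sample deliveries are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: one record per delivered copy of a message.
# Field names are hypothetical; a real platform would pull them from the
# mail system's message trace and read-status data.
DELIVERIES = [
    {"recipient": "alice@example.com", "message_id": "<m1@mail.example>", "read": True},
    {"recipient": "bob@example.com", "message_id": "<m1@mail.example>", "read": False},
    {"recipient": "carol@example.com", "message_id": "<m1@mail.example>", "read": False},
    {"recipient": "dave@example.com", "message_id": "<m2@mail.example>", "read": True},
]

@dataclass
class PlaybookResult:
    investigate: list = field(default_factory=list)  # opened: needs an analyst
    quarantined: list = field(default_factory=list)  # unread: removed automatically
    audit_log: list = field(default_factory=list)    # catalog of every action taken

def run_phishing_playbook(deliveries, suspicious_id, quarantine):
    """'If this happens' (message flagged as phishing), 'do this' (triage every copy)."""
    result = PlaybookResult()
    for d in deliveries:
        if d["message_id"] != suspicious_id:
            continue  # unrelated mail is never touched
        who = d["recipient"]
        if d["read"]:
            result.investigate.append(who)
            result.audit_log.append(f"OPENED {who}: escalate for investigation")
        elif quarantine(who, suspicious_id):
            result.quarantined.append(who)
            result.audit_log.append(f"UNREAD {who}: quarantined before open")
        else:
            # A failed automated step must not pass silently: treat as exposed.
            result.investigate.append(who)
            result.audit_log.append(f"UNREAD {who}: quarantine failed, escalate")
    return result

def fake_quarantine(recipient, message_id):
    """Stand-in for a mail-system call; fails for one mailbox to show the fallback."""
    return recipient != "carol@example.com"

if __name__ == "__main__":
    r = run_phishing_playbook(DELIVERIES, "<m1@mail.example>", fake_quarantine)
    print("\n".join(r.audit_log))
```

The same input always yields the same split between automated removal and analyst follow-up, and a mailbox where removal fails is escalated rather than dropped from the record.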
The value of SOAR is easy to see. When people and processes are scattered, mistakes happen. But if you can reliably put processes in place, especially for those critical processes where mistakes present great risk to your organization, you can automate the right action to take every time. In essence, SOAR allows you to standardize your response and reliably deliver a predictable outcome for dealing with compromise or other related cyberattacks.
Opportunities for managed services providers
SOAR solutions continue to gain acceptance, according to the recent IDG study. Nearly half (49%) of security professionals are researching or piloting a SOAR platform to coordinate the information produced by multiple security tools and automate their analyses and protective responses. That means greater opportunities for you.
In fact, a recent Forrester survey found that 44% of IT decision-makers said that their IT services providers have helped them overcome security issues. These IT leaders also believe that IT services providers offer the most up-to-date expertise to meet compliance requirements and stay ahead of evolving security concerns.
Because we’re still in the early going with SOAR solutions, developing your expertise now is essential to helping IT leaders understand how to automate and orchestrate their security processes. Gartner recommends detailing IT leaders’ business requirements for using a SOAR tool and then leading with incident and case management, followed by playbook development and workflow automation and orchestration.
Gartner also recommends putting processes in place before launching into automation projects, which may be another opportunity to lend your expertise to clients.
As most security teams are focused on managing the threats in front of them, ensuring their security posture is airtight requires time and expertise — both of which are in short supply right now.
Growing and maintaining your security competency with TD SYNNEX
Whether you already have a security practice in place or you’re growing one, TD SYNNEX offers programs and services to help you and your customers meet your growing security needs. We can help you become — and remain — the expert that customers need now to ensure they’re protected for the future.
For example, our Cyber Range offers a new Passage Program to help bridge the skills gap for both upcoming (Placement Initiative) and established (Upskill Initiative) cybersecurity professionals using hands-on experience, professional consulting and career placement.
Contact your TD SYNNEX business development manager to learn more about the Passage Program and how you can shore up your defenses — and be better prepared to protect your customers.