We Want Robots to Do (Part of) Our Job
Achieving Security Operations Efficiencies Through Security Automation and Orchestration (SAO)
We've all heard that the robots are coming. They are vacuuming, operating machines, taking fast food jobs and eliminating checkout clerks. However, in the field of cyber security, robots are late.
The job of an information security analyst today is rife with repetitive, sometimes mundane tasks that are performed based on the analyst's best practices. The operations team as a whole doesn't have it much better. Over the course of budget cycles, organizations have acquired new tools, new solutions and new platforms. Many are fully functional, some haven't yet been deployed and very few are integrated with the rest of the security infrastructure.
Security practitioners have lagged behind peers in fields such as information technology in embracing integrated and automated operating environments. Setting aside the manufacturing industry, which originated integrated and automated workflows, the modern business environment started down the path of integration in the early 1990s when the Object Management Group released the Common Object Request Broker Architecture (CORBA) standard.
This gave rise to several software companies that sold products to help codify business processes and integrate systems throughout the environment. Outside of IBM, Oracle and SAP, think of the integration broker software companies IONA, SeeBeyond Technology and webMethods. Fast forward to 2014: Security Automation and Orchestration (SAO) companies Phantom and Hexadite were founded, with Demisto following close behind in 2015. Other players are quickly jumping in: Exabeam, known for its User and Entity Behavior Analytics (UEBA) platform, introduced an automation module last year.
It is easy to point to information overload as the primary driver for security automation. Defense in depth is commonly practiced by organizations with mature and maturing security programs. This guiding principle is in place because the controls present in a single security product do not completely cover the range of controls an organization needs to properly secure an environment or meet compliance requirements. Every security solution emits alerts, and multiple security solutions create an abundance of them.
Understaffed security operations teams suffering from information overload aren't the only problem. The disparate collection of security solutions in enterprise environments provides alerts without context. Triaging these events involves several repetitive, low-value tasks that multiply with each new alert. Human error and oversight increase as the backlog of alerts pending triage grows.
Several solutions that attempt to address these problems have come to market.
Optiv's Partner Research and Strategy team chose to focus on solutions in which the primary function is the automation and orchestration of actions between disparate systems. Organizations will always have an increasing amount of data relative to staffing levels and department budgets.
In the E is for Efficiency white paper, Optiv and Momentum Cyber address increasing security operations efficiencies through SAO solutions and services. These will see increased demand as organizations continue to operationalize their security infrastructure through integrations. Security operations and incident response teams will use SAO to gain efficiencies over manual processes, to build consistent processes, and to maximize the value of the existing tool base.
Automation and orchestration can connect disparate security solutions, and provide use cases that demonstrate the successful outcomes that are possible when security solutions are integrated. Once these gains have been realized, to maintain operational efficiencies, organizations should embrace continuous security validation.
SAO tools are rapidly being included in traditional SIEM/analytics feature sets. The benefits of implementing these tools can include threat prioritization, capability amplification, labor reduction, and consistent workflow. In fact, according to Momentum Cyber: Cybersecurity Snapshot, April 2018, by 2020, 15 percent of organizations with a security team larger than five people will leverage SAO tools, up from less than 1 percent today.
For an in-depth look at SAO and additional means to achieve a more efficient security operations team with automated analysis, triage and remediation, download our E is for Efficiency white paper, co-written with Momentum Cyber.