Integrated SOAR (Security Orchestration, Automation and Response)

At UBiqube we believe that a holistic multi-domain orchestration strategy must be used to automate security-related processes. The accelerating convergence of technologies such as Cloud, 5G, IoT and Edge makes it costly, inefficient and unsafe to continue treating security processes separately. Automation of IT network, computing and storage infrastructure is a fundamental part of digital transformation, so it is natural to embrace SOAR to automate IT security processes. However, for SOAR to emerge as a comprehensive solution for the future, it will have to integrate remediation scenarios that cross many domains, such as Cloud, IoT and 5G. In other words, SOAR needs to be part of, and not separate from, technology convergence. This is what we advocate at UBiqube. We call it I-SOAR, for ‘Integrated SOAR’. Here is why and how:


1. Why is Multi-Domain Orchestration so material to effective Security Automation?


The first wave of SOAR solutions stems from pure players in the security space, such as Managed Security Service Providers (MSSPs), focusing exclusively on the needs of a Security Operations Centre (SOC). These solutions integrate the business functions needed for security remediation as well as the surrounding security services management. In other words, they integrate Security Information and Event Management (SIEM) with customized Business Process Management (BPM) playbooks. The automation processes that relate to infrastructure (i.e. policy provisioning) typically need vendor-specific management modules for network and element management (NMS/EMS). This means that implementing a security remediation scenario across these external systems would typically require outside help, which in turn introduces new risks and threats.



This limits the addressable automation scope of current SOAR solutions. The cloudification of IT and the emergence of Edge Compute and IoT are fueling this integration need, and will make it harder to keep a clear demarcation line between the historic security silo and the newer converged infrastructure technologies. As infrastructure is consumed more as a continuum, security remediation strategies may include a number of reroutes that require reconfiguring devices outside the security domain, changing QoS policies or load-balancing rules, or activating failover links. The possible scenarios are endless, but an effective security automation solution needs to address them all.


2. How do we turn SOAR into “I-SOAR”? 
Meet the MSActivator DevSecOps framework!


At UBiqube we have developed an ‘abstracted’ activation layer that makes it easy for trained engineers to create adaptors for each and every vendor and system a process could call. This frees the automation process designer to implement any remediation scenario across security and non-security domains, without limitations imposed by any infrastructure or specific vendor. This paves the way for new DevSecOps best practices with greater automation, lower costs and, most importantly, greater security! Abstraction is at the core of MSActivator, which provides both a full security orchestration and automation environment and documented APIs for integration with other tools. Developers with different expertise can focus on the different areas of business process automation and system integration to deliver a single automation solution for their IT environment, with full vendor neutrality.
