1. Why is Multi-Domain Orchestration so material to effective Security Automation?
The first wave of SOAR solutions stems from pure players in the security space, such as Managed Security Service Providers (MSSPs), focusing exclusively on the needs of a Security Operations Centre (SOC). These solutions integrate the business functions needed for security remediation as well as the surrounding security services management. In other words, they integrate Security Information and Event Management (SIEM) with customized Business Process Management (BPM) playbooks. The automation processes that relate to infrastructure (i.e. policy provisioning) typically need vendor-specific management modules for network and element management (NMS/EMS). This means that implementing a security remediation scenario across these external systems would typically require outside help that, in turn, introduces new risks and threats.
This limits the addressable automation scope of the current SOAR solutions. The cloudification of IT and the emergence of Edge Compute and IoT are fueling this integration need. These will make it harder to keep a clear demarcation line between the historic security silo and the newer converged infrastructure technologies. As infrastructure is consumed more as a continuum, security remediation strategies may include a number of reroutes that require reconfiguring devices outside the security domain, changing QoS policies or load-balancing rules, or activating failover links. The possible scenarios are endless, but an effective security automation solution needs to address them all.
2. How do we turn SOAR into “I-SOAR”?
Meet the MSActivator DevSecOps framework!
At UBiqube we have developed an ‘abstracted’ activation layer that makes it easy for trained engineers to create adaptors for each and every vendor and system a process could call. This frees the ‘Automation process’ designer to implement any remediation scenario across security and non-security domains without limitations from any infrastructure or a specific vendor. This paves the way for new DevSecOps best practices with greater automation, lower costs and, most importantly, greater security! Abstraction is at the core of MSActivator, which provides both a full security orchestration and automation environment and documented APIs for integration with other tools. Developers with different expertise can focus on the different areas of business process automation and system integration to deliver a single automation solution for their IT environment, with full vendor neutrality.