The brain of the SIEM and SOAR
2020-10-13 04:30

Because many organizations already have a SIEM, it seemed reasonable for the SOAR providers to start with automating the output from the SIEM tool or security platform console.

So the pipeline looks like this: security controls send alerts to a SIEM; the SIEM applies rules written by the security team to filter the alerts down to a much smaller number, usually at a ratio of about 1,000,000:1; the resulting SIEM events are sent to the SOAR, where playbooks written by the security team use workflow automation to investigate and respond to them.

SOAR investigation playbooks attempt to contextualize the events with additional data - often the same data that the SIEM has filtered out.

An XDR engine, powered by Bayesian reasoning, is a machine-powered brain that can investigate any output from the SIEM or SOAR at speed and scale.

The XDR layer is an addition to a company's cybersecurity strategy that will most effectively use SIEM and SOAR, giving all those nerve signals a genius brain that can sort them out and provide the context needed in today's cyber threat landscape.
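As an added illustration of the pipeline described above (this is example code, not from the article or any vendor's product), the snippet below enriches a SIEM alert with the raw events the SIEM filtered out and updates a prior probability of maliciousness in odds form; the event data, alert, prior and likelihood ratios are all constructed values.

```python
from math import prod

# Constructed sample data (not from the article): raw events as a SIEM would
# ingest them, and the single alert that survives the SIEM's filtering rules.
RAW_EVENTS = [
    {"host": "ws-17", "type": "failed_logon", "user": "jdoe"},
    {"host": "ws-17", "type": "failed_logon", "user": "jdoe"},
    {"host": "ws-17", "type": "failed_logon", "user": "jdoe"},
    {"host": "ws-17", "type": "new_process", "image": "powershell.exe"},
    {"host": "ws-02", "type": "failed_logon", "user": "asmith"},
]
ALERT = {"host": "ws-17", "rule": "suspicious_powershell", "prior": 0.05}

# Likelihood ratios P(evidence | malicious) / P(evidence | benign).
# Hypothetical values chosen for the example; a real engine would learn them.
LIKELIHOOD_RATIOS = {
    "repeated_failed_logons": 6.0,
    "powershell_after_failures": 4.0,
    "no_related_events": 0.5,
}

def enrich(alert, events):
    """Pull back the context the SIEM dropped: raw events on the alerting host."""
    host_events = [e for e in events if e["host"] == alert["host"]]
    failures = sum(1 for e in host_events if e["type"] == "failed_logon")
    evidence = []
    if failures >= 3:
        evidence.append("repeated_failed_logons")
    if failures and any(e.get("image") == "powershell.exe" for e in host_events):
        evidence.append("powershell_after_failures")
    if not host_events:
        evidence.append("no_related_events")
    return evidence

def posterior(prior, evidence):
    """Bayesian update in odds form: posterior odds = prior odds * product of LRs."""
    prior_odds = prior / (1 - prior)
    post_odds = prior_odds * prod(LIKELIHOOD_RATIOS[e] for e in evidence)
    return post_odds / (1 + post_odds)

def triage(alert, events, threshold=0.5):
    """Decide whether the enriched alert is worth escalating to an analyst."""
    evidence = enrich(alert, events)
    p = posterior(alert["prior"], evidence)
    return {"evidence": evidence, "posterior": round(p, 3), "escalate": p >= threshold}

if __name__ == "__main__":
    print(triage(ALERT, RAW_EVENTS))
```

The same alert on a host with no related raw events ends up below its prior, which is the point of the article's argument: the filtered-out data is what lets the engine separate signal from noise.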


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/zy6SA2Gb-Fo/