How to empower your SOC with integration & automation

Automation and integration are key to dealing with ever-growing numbers of security alerts. Cisco’s SecureX allows organisations to automate existing security infrastructure.


The average Security Operations team is estimated to receive tens of thousands of alerts every day. Even if just a small sliver of those alerts requires investigation, every second counts in order to ensure any possible real incident is found, contained, and remediated as quickly as possible.

But 76% of organisations say that threat detection and response is more difficult today than it was two years ago, according to recent ESG research. Externally, these challenges are driven by an evolving threat landscape and a growing attack surface; internally, security teams are overburdened with unintegrated technology that slows their ability to react. A survey* of Security Operations Center (SOC) professionals found that 70% of them investigate more than 10 security alerts each day, up 45% on the previous year, and that most alerts require at least 10 minutes to investigate.

Too many tools, too little integration

Part of the challenge around incident response lies in a large and siloed toolkit. The number of tools security teams use continues to rise, with 60% of organisations now using more than 25 different security products, while 31% have more than 50 tools at their disposal. Manually operated, disparate security technologies can end up being more of a hindrance than a benefit because too many tools can increase the workload and time taken to investigate and respond to alerts, and create chokepoints as SecOps, NetOps and ITOps teams try to collate information and collaborate.

According to the 2020 Cyber Resilient Organisation Report** from Ponemon and IBM, companies with more than 50 security tools ranked 8% lower in their ability to detect a cyberattack and 7% lower in their ability to respond to one, compared with companies using fewer than 50 tools.

In the face of expanding threat landscapes and growing toolsets, companies are looking for new ways to create deeper and more efficient ties between people and technology in order to speed investigation and response. ESG found 64% of organisations say it is critical that products integrate with other security technologies, while a 2020 SANS study found that 58% of companies are planning to automate a key security or incident response process within the next 12 months.

Automation is key to better response

Organisations understand the value of integration and automation. Over a third (38%) of organisations in Cisco’s 2021 Security Outcomes Study said it was important to use automation effectively, while 37% highlighted the need for well-integrated technology. Both were listed as major success factors, not only for keeping up with the business and its goals but also as key drivers of cost and response efficiency.

Cisco SecureX: automate your existing security infrastructure

One solution that makes use of existing integration capabilities and simplifies automation is Cisco SecureX. SecureX provides an integrated security platform that ties in with Cisco’s existing security product portfolio as well as other security tools, creating a single dashboard from which companies can observe and respond to alerts. By providing a single unified point from which to observe security across network, endpoints, cloud, and applications, the platform enables automation without the need to replace current security infrastructure or layer on new technology.

Its integration capabilities enable security teams to collaborate with one another as well as NetOps and ITOps teams, and can help reduce investigation tasks by 72% and shorten the time spent on threat hunting.

SecureX offers built-in, pre-packaged, or custom integrations for both a connected back-end architecture and a consistent front-end experience. A customisable dashboard includes operational metrics and visibility into emerging threats, and aggregates and correlates global intelligence with local context in one view. When it comes to response, an always-on ribbon allows you to share and maintain the context around incidents in one location while navigating between consoles, and a no-/low-code, drag-and-drop canvas enables teams to create their own workflows to speed up processes and automate routine tasks.

SecureX is a value-add that every Cisco Secure customer is entitled to, and it can unlock new potential from your existing security investments and infrastructure through out-of-the-box interoperability. It is already delivering for customers: TechValidate found that over half of Security Operations teams saved 4-6 hours a week on threat response and management. Tim Woodhouse, IT Manager at distribution firm Master Distributors, said SecureX ‘validated why he chose Cisco in the first place’, while Wipro Security Officer Indranil Sarkar said it “really eased the threat hunting work” for his customers.

Learn more about SecureX and the value it can bring to your organisation’s security operations.

* Survey of Security Operations Center (SOC) professionals
** 2020 Cyber Resilient Organisation Report


Copyright © 2020 IDG Communications, Inc.