© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
SOAR makes your workflows faster, more accurate, and repeatable
Enterprises worldwide face serious challenges in identifying and mitigating emerging and evolving threats—in both on-premises systems and cloud environments like Amazon Web Services (AWS)—due to scarcity of IT and security personnel, skills, and other resources.
In this ebook from SANS and AWS, you’ll learn how SOAR helps organizations streamline security and improve defenses against cyberattacks, as well as how to realize the benefits of implementing SOAR.
What is SOAR?

SOAR is a set of integrated software applications that make it possible to collect data on security threats and respond to security events—with little or no human interaction.

• Security: Restricting a system to its intended use and protecting the confidentiality, integrity, and availability of that system
• Orchestration: Coordinating between many different systems
• Automation: Performing a task with minimal human interaction
• Response: Reacting to problems in information systems; often incident response or incident handling

A key finding in a recent Gartner report shows that SOAR is becoming a popular enabling technology in managed security services and is already a key element in a majority of managed detection and response (MDR) services.1

How is SOAR a new approach to security?

While automation development is designed to work with systems operating normally and predictably, cybersecurity deals with systems that are behaving unexpectedly and are deviating from intended or authorized actions. Handling the unexpected requires a distinct approach to automations, and SOAR tools are designed to help cybersecurity professionals construct these automations.

1 “Market Guide for Security Orchestration, Automation and Response Solutions,” Gartner, June 13, 2022.
How security organizations can realize the full benefits of SOAR

SOAR is not a new concept, but it is an entirely new way of working that requires a notable shift in organizational culture. Fortunately, recent technological developments make it easier to reap the benefits of SOAR-written automations despite the challenge of staff shortages. Here’s how.
UC Davis uses Sumo Logic SOAR to accelerate threat response and improve SOC efficiency

As a top-tier research university, the University of California, Davis, deals with a host of unique security challenges. The UC Davis campus is home to students, educators, and research professionals pursuing a variety of activities, from conducting federally-funded research for government agencies like the Department of Defense to streaming Netflix in on-campus housing.

The Challenge
UC Davis needed to be liberal with open-access policies that support research across departments and users, but also needed to be airtight in their security policies and procedures to protect from potential attacks.

The Solution
Sumo Logic Cloud SOAR now acts as the main control plane for UC Davis security operations center (SOC) workflows. Sumo Logic supplied the missing piece in their SOC workflows as it runs on-premises, works with all the existing technologies UC Davis uses, and satisfies their security requirements.

The Results
UC Davis seamlessly orchestrated disparate technology and tools for better SOC workflows. The team also reduced response times to cybersecurity threats. Sumo Logic was able to minimize the time the school spent triaging thousands of alerts hourly, which reduced alert fatigue. Automation helped the UC Davis SOC cope with the large—12,000+—investigation workload. And over and above, Sumo Logic Cloud SOAR brought the flexibility to implement new, custom logic effortlessly by editing the implemented use cases with only a few clicks. Today, UC Davis is transitioning to SOAR for all its standard SOC workflows.

“We were able to take our operations to the next level by going down the SOAR route. Sumo Logic Cloud SOAR was really instrumental—it fits the university perfectly.”
— Jeff Rowe, Security Architecture for UC Davis
Sumo Logic empowers the people who power modern, digital business. Through its SaaS analytics platform, Sumo Logic enables customers to deliver reliable and secure cloud-native applications. The Sumo Logic Continuous Intelligence Platform™ helps practitioners and developers ensure application reliability, secure and protect against modern security threats, and gain insights into their cloud infrastructures. Customers around the world rely on Sumo Logic to get powerful real-time analytics and insights across observability and security solutions for their cloud-native applications. Learn more, or visit www.sumologic.com.
IBM SOAR helps BJ’s Wholesale increase visibility and response time

BJ’s Wholesale is a leading operator of membership warehouse clubs offering groceries, general merchandise, gasoline, and ancillary services in 235 clubs across 18 states. The BJ’s shopping experience is further enhanced by its omnichannel capabilities, tasked with safeguarding the data of 6.5 million members.
The Challenge
BJ’s Wholesale needed to refocus their SOC team on high-level investigations instead of monitoring visibility on multiple integrations, including logs from AWS CloudTrail, Amazon GuardDuty, Amazon EC2, Amazon S3 buckets, Amazon Route 53, and AWS Identity and Access Management.
The Solution
BJ's is now able to control the network traffic by correlating Amazon EC2 integrations with Amazon GuardDuty alerts that are being logged through IBM QRadar SIEM. IBM QRadar SOAR then automates the threat remediation process by streamlining manual and repetitive tasks such as incident enrichment, leveraging a wide array of threat-intelligence integrations.
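The correlate, enrich, then route flow described in this case study, as an added Python illustration that is not IBM's, BJ's, or AWS's code: a toy playbook takes GuardDuty-style findings, enriches each one with asset context from a constructed inventory and a constructed threat-intelligence list, and then picks a response action from the enriched record rather than from severity alone. The finding field names, the inventory, the indicator list (TEST-NET addresses), and the thresholds are all assumptions; in a real deployment the SIEM would supply the findings and the inventory, and the containment step would be a SOAR action gated on analyst approval.

```python
"""Minimal SOAR-style enrichment and triage playbook for GuardDuty-like findings.

Added illustration, not IBM's, BJ's, or AWS's code. All findings, the asset
inventory, and the threat-intel list are constructed sample data. The finding
layout loosely follows GuardDuty's (type, severity, resource instance ID,
remote IP) but is simplified; the field names are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum
from ipaddress import ip_address, ip_network


class Action(Enum):
    ISOLATE_PENDING_APPROVAL = "isolate instance, page on-call, wait for analyst approval"
    OPEN_TICKET = "open ticket for analyst investigation"
    LOG_ONLY = "record enriched finding, no ticket"


@dataclass
class Enriched:
    finding_id: str
    finding_type: str
    severity: float
    instance_id: str
    remote_ip: str
    environment: str = "unknown"
    owner: str = "unknown"
    intel_hit: bool = False
    internal_source: bool = False
    notes: list = field(default_factory=list)


# Constructed asset inventory (what a CMDB or an EC2 describe-instances lookup would give).
INVENTORY = {
    "i-0aaa111": {"environment": "prod", "owner": "payments-team"},
    "i-0bbb222": {"environment": "dev", "owner": "platform-team"},
}

# Constructed threat-intel indicators: TEST-NET-3 documentation addresses, not real IoCs.
BAD_IPS = {"203.0.113.7"}
# RFC 1918 ranges, used to flag findings whose remote side is inside the network.
INTERNAL_RANGES = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def enrich(finding: dict) -> Enriched:
    """Step 1 of the playbook: attach asset context and intel verdicts to a raw finding."""
    e = Enriched(
        finding_id=finding["id"],
        finding_type=finding["type"],
        severity=float(finding["severity"]),
        instance_id=finding["resource"]["instanceId"],
        remote_ip=finding["remoteIp"],
    )
    asset = INVENTORY.get(e.instance_id)
    if asset:
        e.environment, e.owner = asset["environment"], asset["owner"]
    else:
        # An instance the inventory does not know about is itself worth an analyst's attention.
        e.notes.append("instance not in inventory; possible unmanaged asset")
    e.intel_hit = e.remote_ip in BAD_IPS
    e.internal_source = any(ip_address(e.remote_ip) in net for net in INTERNAL_RANGES)
    return e


def decide(e: Enriched) -> Action:
    """Step 2: route on severity plus enrichment. Containment is queued for approval, never automatic."""
    if e.intel_hit and e.environment == "prod":
        return Action.ISOLATE_PENDING_APPROVAL
    if e.severity >= 7.0 or e.intel_hit or e.environment == "unknown":
        return Action.OPEN_TICKET
    return Action.LOG_ONLY


def run_playbook(findings: list) -> dict:
    """Run both steps over a batch and return {finding_id: Action} so the outcome is inspectable."""
    return {f["id"]: decide(enrich(f)) for f in findings}


# Constructed sample findings; the type strings follow GuardDuty's naming convention.
SAMPLE_FINDINGS = [
    {"id": "f-1", "type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 5.0,
     "resource": {"instanceId": "i-0aaa111"}, "remoteIp": "203.0.113.7"},
    {"id": "f-2", "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0,
     "resource": {"instanceId": "i-0bbb222"}, "remoteIp": "198.51.100.20"},
    {"id": "f-3", "type": "Backdoor:EC2/C&CActivity.B", "severity": 8.0,
     "resource": {"instanceId": "i-0ccc333"}, "remoteIp": "10.0.4.9"},
]

if __name__ == "__main__":
    for fid, action in run_playbook(SAMPLE_FINDINGS).items():
        print(fid, "->", action.value)
```

The point of splitting `enrich` from `decide` is that the enrichment record, not the raw alert, drives the routing: a medium-severity finding on a production host talking to a known-bad address outranks a high-severity one whose only evidence is the severity number. The containment action is returned as a pending-approval state on purpose, which matches the sidebar's point that these are systems behaving unexpectedly, where a human should confirm before a host is taken off the network.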
The Results
By deploying IBM QRadar SOAR, BJ's Wholesale reduces the time to respond to and remediate complex cyberthreats, decreases siloed workflows between teams, and automates repetitive tasks throughout the remediation process.
IBM Security—Savvy companies know that in today's data-driven, highly distributed world, there are serious threats that must be addressed head-on. IBM Security delivers an integrated system of analytics, real-time defenses, and proven experts, so you can make strategic decisions about how to safeguard your business. Learn more
Improve your security posture even without a sophisticated SOC

If your organization oversees cybersecurity but isn’t an operational SOC, you should consider effective ways to drive toward repeatability, accuracy, precision, expedience, and stable transitions. Any gaps in headcount and advanced technical skills you might have can be remedied and overcome by the SOAR tool.

As you’ve seen with UC Davis and BJ’s Wholesale, implementing SOAR helps organizations improve SOC workflows, increase visibility to cyberthreats, and reduce response times to attacks. Find more examples of SOAR in action as well as sellers with products and services to address your security needs in AWS Marketplace.
AWS Marketplace

Simplify the procurement, provisioning, and governance of third-party software, services, and data.

* Amazon Web Services (AWS) Marketplace surveyed 500 ITDMs and influencers across the US to understand software usage, purchasing, consumption models, and compared savings.
Getting Started

To help govern purchasing, you can establish Private Marketplaces to control which products users in your AWS account can purchase from AWS Marketplace. This can help ensure that products purchased comply with your organization’s internal policies.

You can also purchase software solutions in AWS Marketplace directly from Consulting Partners who have industry expertise and can offer specialized support. Many Consulting Partners offer both software and professional services on AWS Marketplace to provide you with comprehensive solutions via a fast and friction-free purchasing experience.

– Stephen Pearson, Head of IT Vendor Management, Agero