Demystifying SOAR: How PJ Networks Uses Fortinet for Automated & Orchestrated Security Response
In today’s rapid-moving era of digital technology, security orchestration, automation and response (SOAR) has become critical for companies that want to be proactive in the face of cyber threats. At PJ Networks we are deploying Fortinet’s enterprise-grade SOAR technology, FortiSOAR, which will completely change the way we operate and respond to incidents in our SOCs (security operations centers). If you are wondering how SOAR can increase the security efficiency of your organization, eliminate manual work, and accelerate incident response, then this blog post is for you!
Speed Matters (Security is Important)
Every day, cyber attacks become more frequent and more complicated. Waiting too long, or relying on slow, manual methods, can be expensive – and I don’t simply mean in financial terms, but also in reputation damage and data loss. The truth is that security teams are frequently overwhelmed.
You may have a SOC full of talented analysts, but not enough time or tools to respond to threats with sufficient speed. This is where automation, orchestration and smart response come in. To survive, you have to move fast, hit hard and be in the right place at the right time.
What is SOAR? A Simple Explanation
In short, SOAR is an acronym for Security Orchestration, Automation and Response. It is a suite of software that helps security teams manage and respond to cyber threats more effectively by:
- Automating mundane security activities: SOAR systems take on repetitive tasks instead of requiring security analysts to manually work through each alert.
- Orchestrating workflows: Integrates various security tools and systems to ensure everything flows in concert.
- Accelerating response: Automates the investigation and containment of an incident to help minimize damage.
Think of SOAR as your virtual security assistant. It allows you to consolidate alerts automatically, drive remediation by automation, and orchestrate actions — all in one place.
Advantages: Efficiency, Consistency, Quick Response
Many companies believe that the benefit of SOAR is simply speed. But the benefits extend well beyond speed:
- Increased Efficiency: Automatically completes repeated operations. Your analysts get to spend more time on actual investigations.
- Greater Consistency: Automated processes mean the exact same actions are taken each time and reduce human error.
- Faster Incident Response: Drastically reduces the time from detecting symptoms to taking corrective action.
- Greater Transparency: Real-time visualization of all security events from central dashboards.
- Scalable: It supports growing alert volumes as your business grows.
When all of these benefits align, you end up with a smarter, faster and leaner SOC without needing more bodies.
FortiSOAR in Action: PJ Networks Automates Their SOC with Key Processes
At PJ Networks, the decision to adopt Fortinet’s FortiSOAR was an easy one, as it aligns with our mission of providing fast and responsive security coverage. This is how we use FortiSOAR to keep our SOC running like a well-oiled machine:
- Easy Integration: FortiSOAR integrates with all the security tools PJ Networks employs – firewalls, endpoint security, SIEMs and more. This provides a unified monitoring capability and a consolidated control system.
- Alert Triage: Automatically ranks alerts according to their severity and context. That way our analysts can prioritize the most urgent threats.
- Incident Enrichment: FortiSOAR collects details from disparate sources to give analysts 360-degree visibility into each incident, cutting the time investigators waste tracking down information.
- Automated Response Actions: Actions such as blocking malicious IPs or containing a compromised device are taken as part of the response workflow, with manual override available.
- Continual Improvement: We continually add new plays and methods to our playbooks and processes based on what we learn from the FortiSOAR reports we run constantly.
These features help PJ Networks minimize manual effort, expedite investigations, and ensure a consistent, documented response to any incident.
Playbooks and Orchestration
You may ask, what actually runs all that automation and orchestration smoothly? The answer comes down to good playbooks.
Playbooks are pre-defined, ordered sequences of steps for how security incidents are handled, from the triggering detection to final closure. Here’s why they’re such a game-changer:
- Process Consistency: Ensures every analyst follows the same best-practice steps regardless of experience.
- Flexibility: Playbooks can be modified for various incident categories or client environments.
- Automation Triggers: Specify the timing and method for automated actions to take place, reducing the need for manual intervention without sacrificing control.
- Collaboration: Enable communication and task allocation among team members through built-in workflows.
In FortiSOAR, playbooks are the core of the SOC automation approach. PJ Networks develops and refines these playbooks to address specific threats and customer needs.
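As an added illustration (not FortiSOAR’s own playbook engine or API), here is a minimal playbook runner in Python that follows the triage, enrichment and automated-response steps described above, including the manual-override gate and an audit trail; the threat-intel feed and asset inventory are constructed sample data.

```python
# Minimal SOAR-style playbook runner (illustration, not FortiSOAR's own API).
# Steps run in a fixed order and each appends an audit entry: triage -> enrich
# -> automated response, with an optional manual-override gate.
from dataclasses import dataclass, field

# Constructed stand-ins for the threat-intel feed and asset inventory an
# enrichment step would normally query.
THREAT_INTEL = {"203.0.113.7": "known-c2"}        # TEST-NET-3 example address
ASSET_CRITICALITY = {"db-01": 3, "kiosk-12": 1}    # 1 = low, 3 = crown jewel
SEVERITY_SCORE = {"low": 1, "medium": 2, "high": 3}
AUTO_BLOCK_THRESHOLD = 6

@dataclass
class Incident:
    src_ip: str
    host: str
    severity: str
    score: int = 0
    intel: str = "none"
    actions: list = field(default_factory=list)           # executed actions
    pending_approval: list = field(default_factory=list)  # held for an analyst
    audit: list = field(default_factory=list)

def triage(inc: Incident) -> Incident:
    # Rank by alert severity weighted by the criticality of the target asset.
    inc.score = SEVERITY_SCORE[inc.severity] * ASSET_CRITICALITY.get(inc.host, 2)
    inc.audit.append(f"triage: score={inc.score}")
    return inc

def enrich(inc: Incident) -> Incident:
    inc.intel = THREAT_INTEL.get(inc.src_ip, "none")
    inc.audit.append(f"enrich: intel={inc.intel}")
    return inc

def respond(inc: Incident, require_approval: bool = False) -> Incident:
    # Block when the score crosses the threshold or the source is known-bad;
    # with the override gate on, the action is queued for a human, not run.
    if inc.score >= AUTO_BLOCK_THRESHOLD or inc.intel != "none":
        action = f"block_ip {inc.src_ip}"
        queue = inc.pending_approval if require_approval else inc.actions
        queue.append(action)
        inc.audit.append(f"respond: {'queued' if require_approval else 'executed'} {action}")
    else:
        inc.audit.append("respond: no action, below threshold")
    return inc

def run_playbook(inc: Incident, require_approval: bool = False) -> Incident:
    for step in (triage, enrich):
        inc = step(inc)
    return respond(inc, require_approval)
```

Every incident passes through the same steps in the same order, and the audit list is what makes the automated response reviewable afterwards.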
Smarter Security, Less Toil
SOAR adoption has enabled PJ Networks’ security team to concentrate on what counts: solving complex challenges and planning long-term defenses. Gone are the days of being overwhelmed by alerts and burdensome manual follow-up tasks.
By automating repetitive activities and organizing cross-tool processes with FortiSOAR, we have:
- Reduced incident response time by orders of magnitude.
- Decreased analyst burnout by removing repetitive work.
- Gained confidence and compliance through automatic, auditable consistency.
- Scaled security operations without a corresponding exponential growth in costs.
If you’re building a resilient, nimble SOC that works efficiently, investing in SOAR technology like Fortinet’s FortiSOAR is a wise decision. At PJ Networks we want to help your business navigate today’s cybersecurity threats and meet future threats with confidence.
If you are prepared to revolutionize your security operations with automation and orchestration, remember that security orchestration, automation and response (SOAR), as delivered by FortiSOAR, is the first step towards rapid, intelligent and quality-assured incident management. Let’s stop fighting fires by hand and commit to connecting our workload to our infrastructure through automation.