Security Minute: Let Your SOC SOAR With NetWitness Orchestrator

NetWitness Orchestrator is a SOAR solution that leverages threat intelligence to not only flag suspicious activity in your customers’ networks, but also correlates data points and activity to discover and report threat patterns.

Global cybercrime is expected to net a total $6 trillion in 2021, double the amount in damages totaled in 2015. Combine that with a workforce of cybersecurity professionals that falls short of demand by 62 percent in the U.S. alone, the risk becomes even greater to your business and your customers.

The solution? Automate. Security orchestration, automation and response, or SOAR solutions, help you best utilize the time and talent of the security operations center analysts you do have while automating repetitive tasks. “They’re not completely frustrated doing the same thing over and over again, and they can really take that time and focus on what they want to do, which is find those really complicated, sophisticated threats and address those,” says Brian Robertson, senior product marketing manager for NetWitness, an RSA business.

NetWitness Orchestrator is a SOAR solution that leverages threat intelligence to not only flag suspicious activity in your customers’ networks, but also correlates data points and activity to discover and report threat patterns. This allows SOC experts to streamline their threat investigations and prioritize which incidents to act on. “And even after it is resolved, it actually builds a feedback loop so you can better buildout your threat library to have a better understanding for future incidents,” Robertson says.

This rich threat intelligence is what enables NetWitness Orchestrator to create a customized cybersecurity playbook to better align with your monitoring and incident response needs. “You don’t want those low-level task playbooks to be consuming a bunch of resources and not allowing those really high-priority ones to do their job,” says Robertson. “By being able to align playbook servers and scale out that way, you really give those priority playbooks the resources that they need dedicated to them so that when they need to jump into action, they’re able to do that.”

NetWitness Orchestrator provides more opportunities for partners to win with customers by being able to integrate with a new customer’s existing SOC infrastructure or build on to an existing customer’s NetWitness Platform for an even stronger security posture.