Leveraging SOAR Technology to Facilitate Knowledge Transfer in Security Operations

Earlier this year I was talking to a colleague about the state of SOC operations and how I was looking forward to going to the SANS Security Operations Summit in New Orleans in July. The folks who attend SANS events are at the top of their game and let’s be honest, SANS provides some of the best training in our industry, so what’s not to love?

The conversation quickly turned to how to provide better scalability within SOC operations. Given that our teams are confronted with an increased number of alerts coming from more sophisticated actors on a daily basis, how do we keep up? We spoke about the need for better security automation to enrich the information available at the onset of an incident and how malware has been automating since the Morris worm 30 years ago.

At one point she asked me how best we can handle the transfer of incident handling “tribal knowledge” from the senior Incident Response personnel to the junior members, given the daily workload they carry. I thought about it for a moment and suggested that perhaps increased spending on machine learning or AI could help bridge the knowledge gap. She then asked, “Couldn’t we take that money and invest in knowledge transfer within the team instead?” That simple yet complex question got me thinking about how we can better utilize existing resources to provide that knowledge transfer in an environment as dynamic and rapidly changing as an Incident Response organization.

I thought this topic was interesting enough to make it my focus for my upcoming speaking engagement at SANS.

As we already know, an increased workload coupled with an industry-wide shortage of skilled responders is heavily impacting operational performance in Security Operations Centers (SOCs) globally, and an integral part of the solution is formulating a methodology to ensure that crucial knowledge is retained and transferred between incident responders. By utilizing Security Orchestration, Automation and Response (SOAR) technology, security teams can combine traditional methods of knowledge transfer with more modern techniques and technologies.

Join me at the SANS Security Operations Summit on July 30, 2018 at Noon for an informal “Lunch and Learn” session to discuss how we ensure that the Incident Response knowledge possessed by our senior responders can be consistently and accurately passed along to the more junior team members while simultaneously contributing to the Incident Response process. I look forward to meeting you there.

If you are not attending the summit, don’t worry, you can visit our website to find out more information about the benefits of utilizing a SOAR solution with DFLabs’ IncMan SOAR platform. Alternatively, if you would like to have a more in-depth discussion, you can arrange a demo to see IncMan live in action.
