Security automation and orchestration
Security orchestration is a method of connecting security tools and integrating disparate security systems to support security automation.
IACD can be summarized as the set of orchestration services needed to:
Integrate across multiple, disparate sources of information;
Automate the determination of risk and the decision to act;
Synchronize those machine actions with the organization's business rules and operational priorities, as captured in playbooks;
Inform communities of trust through secure, automated exchange of cybersecurity information.
The following topics provide key insights into orchestration concepts for IACD.
Orchestrator Thin Specification
To help the cyber defense community adopt and implement IACD, certain capabilities and services require specifications. A specification states the minimum set of requirements for a particular IACD component, so that existing products and products under development can align themselves with IACD capabilities and services. The specifications are also published to elicit community feedback, which is folded back into later revisions.
Orchestrator Trends in Technology
This handout provides a quick analysis of the common characteristics and operationally critical features of orchestration products, a rapidly maturing class of technology. Whether you are evaluating orchestration products for purchase or just keeping up with trends in the technology, take a few minutes to see what many of them offer.
Orchestration Example: Automated IT/OT Recovery
The following video shows how an organization can employ automation and orchestration within the IACD framework to automate recovery in a combined Information Technology and Operational Technology (IT/OT) environment.
Advanced Orchestration Techniques: Reversibility
This video introduces reversibility, a key orchestration concept: once an orchestrator is deployed in production, being able to undo an action when needed becomes critical. The talk addresses the main concerns and gives examples of how to build reversibility into automation workflows.
High-Benefit/Low-Regret Automated Actions as Common Practice
Organizations should focus on when to take an action in an automated manner instead of whether the action should be automated. A benefit vs. regret matrix can highlight where automated actions are appropriate and where they may not be the best approach to mitigating threats and vulnerabilities. Focusing on identification of low-regret actions, even with uncertainty about the risk, can improve the efficiency of operations personnel and tremendously scale up appropriate automation of response actions.
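The two ideas above, undoable actions and gating automation on regret, as an added Python example (this is not IACD code and not any product's API). Each playbook step carries an apply and an undo; low-regret steps run unattended, high-regret steps are held for approval, and any failure rolls back the completed steps in reverse order. The firewall, EDR and directory objects, and the IP, host and user names, are constructed stand-ins.

```python
"""Reversible, regret-gated playbook runner.

Added illustration for the reversibility and benefit/regret discussion;
not IACD project code. FakeFirewall, FakeEDR and FakeDirectory are
in-memory stand-ins for real product APIs.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Action:
    """One playbook step together with its inverse, so it can be backed out."""
    name: str
    regret: str                  # "low" or "high": the regret axis of the matrix
    apply: Callable[[], None]
    undo: Callable[[], None]


@dataclass
class RunResult:
    applied: List[str] = field(default_factory=list)
    rolled_back: List[str] = field(default_factory=list)
    held: List[str] = field(default_factory=list)    # awaiting human approval
    error: Optional[str] = None


def run_playbook(actions: List[Action], approve_high_regret: bool = False) -> RunResult:
    """Run actions in order; on any failure, undo the completed steps in reverse.

    Low-regret actions execute with no human in the loop. High-regret actions
    are held unless approve_high_regret is set (an analyst signed off).
    """
    result = RunResult()
    done: List[Action] = []
    try:
        for action in actions:
            if action.regret == "high" and not approve_high_regret:
                result.held.append(action.name)
                continue
            action.apply()
            done.append(action)
            result.applied.append(action.name)
    except Exception as exc:                  # any failed step triggers rollback
        result.error = f"{type(exc).__name__}: {exc}"
        for action in reversed(done):         # compensating actions, LIFO order
            action.undo()
            result.rolled_back.append(action.name)
    return result


# --- constructed stand-ins for the systems a real playbook would call ---

class FakeFirewall:
    def __init__(self) -> None:
        self.blocked: set = set()
    def block(self, ip: str) -> None:
        self.blocked.add(ip)
    def unblock(self, ip: str) -> None:
        self.blocked.discard(ip)              # discard, not remove: undo stays idempotent


class FakeEDR:
    def __init__(self, agent_offline: bool = False) -> None:
        self.isolated: set = set()
        self.agent_offline = agent_offline    # simulate the failure mode
    def isolate(self, host: str) -> None:
        if self.agent_offline:
            raise RuntimeError(f"agent on {host} not reachable")
        self.isolated.add(host)
    def release(self, host: str) -> None:
        self.isolated.discard(host)


class FakeDirectory:
    def __init__(self) -> None:
        self.disabled: set = set()
    def disable(self, user: str) -> None:
        self.disabled.add(user)
    def enable(self, user: str) -> None:
        self.disabled.discard(user)


def build_containment(fw, edr, directory, ip, host, user) -> List[Action]:
    """Containment playbook: two low-regret steps and one high-regret step."""
    return [
        Action("block_ip", "low", lambda: fw.block(ip), lambda: fw.unblock(ip)),
        Action("isolate_host", "low", lambda: edr.isolate(host), lambda: edr.release(host)),
        Action("disable_user", "high",
               lambda: directory.disable(user), lambda: directory.enable(user)),
    ]


def demo(agent_offline: bool = False, approve_high_regret: bool = False):
    """Run the playbook against fresh stand-ins; return the result and the systems."""
    fw, edr, directory = FakeFirewall(), FakeEDR(agent_offline), FakeDirectory()
    actions = build_containment(fw, edr, directory, "203.0.113.7", "ws-042", "jdoe")
    return run_playbook(actions, approve_high_regret), fw, edr, directory


if __name__ == "__main__":
    for offline, approve in [(False, False), (True, False), (False, True)]:
        res, *_ = demo(offline, approve)
        print(f"agent_offline={offline} approved={approve}: {res}")
```

Two practical caveats: an undo is a compensating action, not a guaranteed inverse (the state may have changed in between), so keep undo steps idempotent and log both directions; and a step with no meaningful undo belongs in the high-regret column regardless of how confident the detection is.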
Security Automation and Orchestration (SA&O) Implementer Insights
An increasing number of organizations are exploring and integrating Security Automation & Orchestration (SA&O) / Security Orchestration, Automation & Response (SOAR) strategies and platforms in cyber defense. Experienced organizations share lessons learned, best practices and recommendations.