Data Center and Hybrid Cloud for Dummies

Issue link: https://insights.oneneck.com/i/1458399

Data Center & Hybrid Cloud Security For Dummies, Palo Alto Networks Special Edition

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

Security orchestration and automation

Security orchestration is a method of connecting disparate security tools, teams, and infrastructures for seamless and process-based security operations and incident response. Security orchestration acts as a powerful enabler for security automation because well-connected security systems are more receptive to automation and scale.

The three pillars of security orchestration are people, processes, and technology. By streamlining security processes, connecting different security tools and technologies, and maintaining the right balance of machine-powered security automation and human intervention, security orchestration empowers security professionals to improve the organization's overall security posture.

A combination of industry trends and market forces has created challenges that security orchestration is well positioned to solve, including:

» Rising alert numbers: With an increased threat surface, a greater number of entry vectors for attackers, and an increase in specialized cybersecurity tools, the number of alerts is constantly on the rise. Analysts need help identifying false positives and duplicate incidents, and keeping the alert numbers in check without burning out.
» Product proliferation: Analysts use numerous tools — both within and outside the purview of security — to coordinate and action their response to incidents. This involves lots of screen switching, fragmented information, and disjointed record keeping.
» Lack of skilled analysts: With a shortage of millions of analysts expected over the coming years, many security operations centers (SOCs) are understaffed, leading to increased workload, stress, and rates of error among analysts.
» Inconsistent response processes: As SOCs mature, security teams spend most of their day fighting fires and can't devote enough time to set standard response processes or spot patterns that reduce rework. This results in response quality being dependent on individual analysts, which can lead to variance in quality and effectiveness.