Elastic Security Advances SOAR Integration

Elastic Security today updated the security orchestration, automation and response (SOAR) capabilities of its platform to add integrations with third-party SOAR platforms, part of an effort to streamline security analytics.

Version 8.4 of the Elastic platform now provides bi-directional integrations with ServiceNow, Swimlane, Tines, D3 and Torq, so that alerts and cases can flow in either direction. It also adds a terminal-like response console that lets cybersecurity practitioners view and invoke response actions more quickly, along with an audit interface that records a full history of incident response activity.

Finally, cybersecurity analysts can now isolate potentially infected hosts by cutting their network connectivity, preventing lateral movement of malware; the agent's channel back to the Elastic stack stays open so the isolated host can still be investigated and later released. In addition, cybersecurity teams can now roll a Windows host back to its last known good state automatically, without any manual intervention.

Mike Nichols, vice president of product management for Elastic Security, said the company is pursuing an application programming interface (API)-centric approach to cybersecurity integration to make it simpler for cybersecurity analysts to access data regardless of where it was originally created.

The Elastic platform is built around the Elastic Agent, a single endpoint agent intended to make these security capabilities accessible to small-to-medium enterprises (SMEs) that typically don’t have the expertise required to deploy and maintain more complex platforms. An IT or cybersecurity team can then deploy that agent with a single click to integrate any endpoint with the Elastic SOAR platform, noted Nichols.

The goal is to bring enterprise-class security capabilities to SMEs that either employ only a handful of cybersecurity professionals or that rely on IT operations teams to manage cybersecurity, he added. The challenge they face is being able to find a cybersecurity platform capable of processing massive amounts of data to surface actionable intelligence that is easy to manage, said Nichols.

Interest in cybersecurity automation has risen in lockstep with the growing shortage of cybersecurity expertise. Organizations that are unable to fill cybersecurity positions are looking for ways to automate cybersecurity processes that enable a smaller team to handle a wider range of tasks.

One of the biggest challenges when it comes to automation is, of course, interoperability. Each cybersecurity platform in use today collects and stores data in its own format. Cybersecurity teams have to rely on various connectors and APIs to access that data and then normalize it into a common schema before analytics can be applied consistently. Elastic Security is essentially making the case for becoming the SOAR vehicle through which that normalization is accomplished.

It remains to be seen whether cybersecurity analytics can be unified. What is certain is that, in the absence of unified observability, each new platform added to an IT environment further complicates the challenge. There is unlikely ever to be one cybersecurity platform to rule them all, so the interoperability problem organizations face as they employ a mix of best-of-breed cybersecurity tools is a major issue.

One way or another, that interoperability issue will eventually be addressed, both by reducing the number of cybersecurity platforms in use and by simplifying integration between the ones that remain. The open question is how long that will take as the volume and sophistication of cyberattacks continue to increase.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.