Security Orchestration, Automation, And Response (SOAR) Overview

Definition

According to Gartner's definition, SOAR is the set of technologies that allow enterprises to collect security threat alerts and data from multiple sources, and then perform incident analysis and remediation using both human skills and machine power together, to help define, prioritize, and drive standardized incident response activities in accordance with a standard workflow. SOAR tools enable companies to describe incident analysis and response procedures, also known as “Plays” in a Security Operations Playbook, in a digital workflow format.


Google+ Shutting Down: Is the Data Breach a Reason?

Alongside Facebook’s Cambridge Analytica incident, Google suffered a blow of its own. In March, a bug was found in the Google+ API that allowed third-party apps to access the data of users who had granted permissions to their profiles, and also the data of their friends. Evidently, Google did not disclose the finding of this bug and the subsequent data leak amid the growing concerns about data privacy across the globe and the scrutiny that Facebook was facing. Some reports also suggest that the leak was kept hush-hush due to the fear of drawing regulatory scrutiny and reputational damage.[1]


Arbor Pravail Availability Protection System (APS) Integration

The global spread of botnets (collections of compromised computers) has led to an epidemic of DDoS attacks. As attack tools become more sophisticated and easier to use, botnet operators are bringing down targeted applications with low-bandwidth attacks that escape detection both in provider networks and by traditional perimeter security devices. Data center operators are typically unaware of such attacks until critical services are down or badly degraded. At that point, there can be extreme pressure to find and fix the problem, yet the tools and expertise to do so are often lacking.
