I got the opportunity to attend Cisco Live last and wanted to provide a brief recap for everyone. Cisco Live 2018 (June 11 - 14, 2018) was a massive event with over 300 vendors and an estimated 30,000 attendees at the Orange County Convention Center in Orlando, FL (currently the second largest convention center in the US). Our team manned a booth in the Security Village pavilion where we got the chance to demonstrate and explain what Security Orchestration, Automation and Response (SOAR) actually does. Our crew of four had a great time in Orlando meeting many new people and getting a chance to show the importance of a SOAR solution in the Security Operations Center.
During the event, I gave a presentation on Security Automation and Orchestration (SAO) at the Security Village Theatre. The presentation covered:
- How to automate the repetitive, manual processes that use up security analyst time
- Methods for connecting to virtually any system or tool, allowing the orchestration of multiple tasks at machine speed and giving the SOC back the time they need to concentrate on the real problems
- The many benefits of using a SOAR solution and what to look for when evaluating your options
Each day we met and talked with representatives from a variety of companies and government agencies. There were a couple of questions that came up frequently:
- How do you start using a SOAR solution?
The best way to take advantage of orchestration and automation is to have defined procedures in place that you can look at and evaluate to determine which ones are repetitive and good candidates for automation. Essentially, playbooks or any written documentation that outlines your workflow are key to maximizing the ROI of a SOAR solution and enabling you to get the most out of it.
- What’s the difference between SAO and SOAR?
Nothing really. Both acronyms have been used quite a bit to describe the same thing: a process, typically implemented with new (or additional) software, that shifts Security Operations Center processes from manual to partially or fully automatic. It also moves information to and/or from all of the SOC elements in the correct order, so that the desired result is achieved consistently and at a significantly faster pace.
- Does an automation solution typically cost more when it processes more transactions or connects to more systems?
There are a variety of SOAR solutions available, with different pricing models. When you are evaluating a solution for your environment, make sure you understand how the cost will change as your environment changes.
While it was predominantly a working event, Cisco made sure everyone had the opportunity to relax and stay energized with regular meals and snacks as well as a play area consisting of life-sized games (like chess, Battleship, and Connect Four), exercise bikes, a Lego green-screen photo op and a miniature golf course. Cisco ended the week of classes, vendors, food and entertainment by offering everyone a special 4-hour appreciation event Wednesday evening at Universal Studios with musical guests like Sam Hunt, Cake and Leon Bridges as well as plenty of rides, food and fun.