By James Dieteman
Director of Analysis, Malware Analyst
The fast lane. It’s where information and data live and where organizations need to be able to keep up. If you understand that metaphor, understanding the swim lane shouldn’t be too much of a stretch. The swim lane is the fastest lane in the public pool. You don’t go to the swim lane if you’re looking for a casual dip. Water walkers, doggie paddlers and waders don’t belong there. Venture in with the intent of going slowly and you’ll be run over and probably drown.
Now let’s make a metaphorical swan dive into cybersecurity. When we refer to the swim lane, we’re still talking about the fast lane. But we’re also talking about Swimlane, the tool that helps our security operations center (SOC) function at maximum efficiency and high speed.
SOAR and Cybersecurity
Evolving threats and vulnerabilities require process flexibility, adaptability, and capability. Swimlane gives organizations all three, not only because of its functionality, but because it is built on the convergence of three solutions: security orchestration, automation and response, or SOAR. Developed by research company Gartner, triple-layer SOAR can be applied to any number of cybersecurity solutions, including detection of malicious network traffic, vulnerability management, and incident response.
By harnessing SOAR, organizations can reduce mean time to detect (MTTD) and mean time to respond (MTTR). Reduced MTTD and MTTR translate into security alerts being addressed immediately. Whereas in the past a threat could take hours, days, or weeks to assess, SOAR can reduce the process to minutes. And by using incident response “playbooks,” analysts can take appropriate action more quickly, efficiently, and accurately.
The Intersection of SOAR, Swimlane, and Cybersecurity
Disparate security technologies, while necessary in assessing each risk, have created a training and multitasking conundrum. Not only must analysts become adept at utilizing multiple tools, they must monitor, analyze, and correlate data generated from each against the other. This puts a strain on SOCs, reducing their effectiveness and increasing vulnerability to attacks.
Using Swimlane alleviates many of these issues, mitigating threats and closing error margins. Swimlane helps maximize ECS’ incident response capabilities in two ways.
First, Swimlane serves as an aggregator. Instead of requiring us to log into each of our Enterprise Security Manager (ESM) instances to view and respond to alerts, Swimlane takes the alerts from each of our tools and puts them behind the fabled ‘single pane of glass,’ so we don’t have to log into and consult multiple toolsets.
Second, Swimlane provides automation. When events come in, we can have automatic data enrichment, automated response actions and correlation, and built-in runbooks and decision points for analysts. Less of the process is manual, and some of the work that doesn’t require human intuition is removed.
Automation with Swimlane simplifies and enhances processes typically handled by analysts, who can now use integrations such as:
- Ticketing systems
- Data enrichment tools
- Threat-hunting APIs
In addition, analysts can have direct access to the hosts involved in alerts in order to follow up on potential threats, quarantine suspicious data, or delete files.
Aggregation and automation both serve to position ECS in the fast lane, which is good news for clients and the general public who rely on our experts to be in top form 24/7. If you are a commercial or government organization that requires cybersecurity services, management or oversight, reach out to an expert at ECS today.
ECS, a segment of ASGN, delivers advanced solutions in cloud, cybersecurity, artificial intelligence (AI), machine learning (ML), application and IT modernization, science, and engineering. The company solves critical, complex challenges for customers across the U.S. public sector, defense, intelligence, and commercial industries. ECS maintains partnerships with leading cloud, cybersecurity, and AI/ML providers and holds specialized certifications in their technologies. Headquartered in Fairfax, Virginia, ECS has more than 2,700 employees throughout the United States. For more information, visit ECStech.com.