2022-02-28T04:57:00Z
EB
Director of Community at PeerSpot (formerly IT Central Station)

What tools and solutions do you use for automated incident response in an enterprise in 2022?

Hi community,

What tools and solutions do you use to maximize the power of the automated incident response in a large organization? 

Is it SOAR only? Others?

Thanks!

4 Answers
Filip Stojkovski - PeerSpot reviewer
VP - Security Automation Lead at a financial services firm with 10,001+ employees
Real User
Top 10
2022-05-03T07:10:50Z
May 3, 2022

Mainly SOAR.

Real User
Top 10
2022-12-21T04:03:05Z
Dec 21, 2022

Advanced SOAR. It has no-code automation but also has intelligence embedded to auto-correlate alerts like XDR does. Something between SOAR and XDR.

Meleria Mangaring - PeerSpot reviewer
Systems Engineer at Trends and Technologies, Inc
Reseller
Top 5
2022-08-05T00:27:41Z
Aug 5, 2022

SOAR in collaboration with an XDR and SIEM would be good.

ES
Contract Program Manager for Dept of Education Security Engineering & Architecture SME at Delmock
User
2022-07-19T19:39:10Z
Jul 19, 2022

SOAR - it uses AI/ML which can predict and execute...

Related Questions
EB
Director of Community at PeerSpot (formerly IT Central Station)
Dec 21, 2022
Hi SOC analysts and other infosec professionals, which standard/custom method do you use to decide about the alert severity in your SOC? Is it possible to avoid being too subjective? How do you fight the "alert fatigue"?
2 out of 7 answers
RC
IT Security Consultant at Microlan Kenya Limited
Jan 20, 2022
Hi @Evgeny Belenky, I think as long as you do this thing manually, you will always have to be subjective. One will always say alerts from critical assets first, setting them with higher priority. But the concept of threat intelligence will help. Threat intelligence feeds will help in improving information about the threats you are handling. Without this, your assets and the rules you set will always say "hey, this is a serious malicious activity" with brief information, unlike when you get feeds from various sources of threat intelligence. Fighting alert fatigue: it's good to have playbooks do some repetitive work. If an alert is generated, instead of jumping into all of them as an analyst, a playbook will help you automate some activities like checking file hashes in VirusTotal. At least in the end one will be getting the alerts that matter most, with sufficient information added by playbooks.
SB
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Jan 20, 2022
Hi @Evgeny Belenky, below are a few strategies that, if taken into account, can reduce cybersecurity alert fatigue in a SOC:
1. Threat intelligence
2. Native integration
3. Machine learning
4. Watchlists
5. UEBA (User and Entity Behavior Analytics)
6. Automation
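The two replies above (playbooks that enrich alerts with threat-intelligence feeds and file-hash lookups and put critical assets first; watchlists and automation as answers to alert fatigue), together with the "auto-correlate alerts like XDR does" answer in the main thread, describe one small SOAR-style playbook. The block below is an added example written for this page; it is not code from PeerSpot, from any of the commenters, or from any SOAR product. The threat-intel feed, critical-asset watchlist, hash reputation table and raw alerts are all constructed sample data, and the hash table is a local stand-in for a VirusTotal query so the example runs offline (the hash strings are placeholders, not real hashes).

```python
"""Added example: a minimal SOAR-style playbook that correlates raw alerts into
one incident per host, enriches each alert from a threat-intel feed, a critical-
asset watchlist and a file-hash reputation table, and derives severity from
those facts instead of analyst judgement. All data below is constructed."""

from dataclasses import dataclass, field

# Constructed threat-intelligence feed: indicator -> description
THREAT_INTEL = {
    "198.51.100.23": "known C2 infrastructure (constructed entry)",
    "203.0.113.77": "commodity scanner (constructed entry)",
}

# Constructed watchlist of critical assets ("critical assets first")
CRITICAL_ASSETS = {"dc01", "payroll-db"}

# Constructed local reputation table standing in for a VirusTotal lookup.
# Values are the number of engines flagging the file; keys are placeholders.
HASH_REPUTATION = {
    "placeholder-hash-malicious": 45,
    "placeholder-hash-clean": 0,
}

# Constructed raw alerts as a SIEM/EDR might emit them
ALERTS = [
    {"id": 1, "host": "dc01", "src_ip": "198.51.100.23", "rule": "suspicious outbound"},
    {"id": 2, "host": "dc01", "file_hash": "placeholder-hash-malicious", "rule": "new executable"},
    {"id": 3, "host": "laptop-17", "src_ip": "203.0.113.77", "rule": "port scan"},
    {"id": 4, "host": "laptop-42", "file_hash": "placeholder-hash-clean", "rule": "new executable"},
]


@dataclass
class Incident:
    host: str
    alert_ids: list = field(default_factory=list)
    findings: list = field(default_factory=list)  # enrichment results shown to the analyst
    score: int = 0

    @property
    def severity(self):
        # Thresholds are an assumption of this example, not a standard.
        if self.score >= 70:
            return "critical"
        if self.score >= 40:
            return "high"
        if self.score >= 15:
            return "medium"
        return "low"


def enrich(alert):
    """Return (points, findings) for one alert from enrichment facts only."""
    points, findings = 0, []
    ip = alert.get("src_ip")
    if ip in THREAT_INTEL:
        points += 30
        findings.append(f"{ip}: {THREAT_INTEL[ip]}")
    h = alert.get("file_hash")
    if h is not None:
        hits = HASH_REPUTATION.get(h)
        if hits is None:            # unknown hash: keep for review, low weight
            points += 5
            findings.append(f"hash {h}: unknown, needs manual review")
        elif hits > 0:
            points += 40
            findings.append(f"hash {h}: flagged by {hits} engines")
        else:
            findings.append(f"hash {h}: clean")
    return points, findings


def run_playbook(alerts):
    """Correlate alerts per host, enrich them, and score the resulting incidents."""
    incidents = {}
    for a in sorted(alerts, key=lambda a: a["id"]):
        inc = incidents.setdefault(a["host"], Incident(host=a["host"]))
        inc.alert_ids.append(a["id"])
        pts, found = enrich(a)
        inc.score += pts
        inc.findings.extend(found)
    for inc in incidents.values():
        if inc.host in CRITICAL_ASSETS:
            inc.score += 20
            inc.findings.append("host on critical-asset watchlist")
        if len(inc.alert_ids) > 1:  # several alerts on one host reinforce each other
            inc.score += 10
            inc.findings.append(f"{len(inc.alert_ids)} alerts correlated on host")
    return incidents


def triage_queue(incidents):
    """Split incidents into an analyst queue (highest score first) and auto-closed ones.
    Auto-closed incidents keep their findings attached for audit."""
    queue = [i for i in incidents.values() if i.severity != "low"]
    closed = [i for i in incidents.values() if i.severity == "low"]
    queue.sort(key=lambda i: i.score, reverse=True)
    return queue, closed


if __name__ == "__main__":
    q, c = triage_queue(run_playbook(ALERTS))
    for inc in q:
        print(inc.severity.upper(), inc.host, inc.alert_ids, "; ".join(inc.findings))
    for inc in c:
        print("closed", inc.host, "; ".join(inc.findings))
```

The point of the structure is that every severity decision is traceable to a listed finding, which is what removes the subjectivity the question asks about: two analysts running the same playbook on the same alerts get the same queue, and the auto-closed alerts still carry their enrichment so a reviewer can check why they were closed.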
EB
Director of Community at PeerSpot (formerly IT Central Station)
Feb 1, 2022
Hello security professionals, what is the main difference between these two terms in incident response: mitigation and remediation? Please share some examples, if applicable. Thanks,
2 out of 5 answers
BH
IT Security Coordinator at a healthcare company with 10,001+ employees
Jan 11, 2022
Mitigation is taking your car in for an oil change and tune-up. Remediation is them finding you have a blown gasket seal and replacing the parts and greasing the engine to make sure your engine doesn't blow. AKA security vulnerability management.
RB
IT Consultant at SELF
Jan 11, 2022
Mitigation is changing the flat tire. Remediation is getting the nails off the road. 
Related Articles
EB
Director of Community at PeerSpot (formerly IT Central Station)
Nov 19, 2021
Hi community members, Spotlight #2 is our fresh bi-weekly community digest for you. It covers cybersecurity, IT and DevOps topics. Check it out and comment below with your feedback! Trending What are the pros and cons of internal SOC vs SOC-as-a-Service? Join The Moderator Team at IT Central Station (soon to be PeerSpot)! Questions Share your experience with other peers by ans...
CL
Senior IT Infrastructure Engineer at Tecnoage
Nov 5, 2021
Keeping up with the evolution of cybersecurity and the threats that are haunting the IT industry across all industries, this text pays special attention to ransomware, as this practice is on the rise in the world of cybercrime. Let's focus on the subject, specifically on the Healthcare sector. We are based on Sophos' annual report on cyber threats, which discusses the continuity of ransomware...
NC
Content Manager at PeerSpot (formerly IT Central Station)
Oct 14, 2021
We receive alerts all day long - alerts about emails, incoming Whatsapps and SMSes, posts on social media, etc. At some point we become desensitized to these alerts and stop noticing them anymore - a phenomenon known as “alert fatigue.” Seventy percent of a SOC analyst’s workday is spent dealing with alerts, so SOC analysts are more at risk for alert fatigue than pretty much anyone else. SOC a...