SOAR
Security Orchestration, Automation and Response
SOAR as SaaS (Software as a Service)
For several years, SOAR has been THE answer to the growing number of cyber threats and to scarce human resources, such as hard-to-find security analysts. Building a SOAR platform is a very costly and challenging endeavor. terreActive has built a SOAR platform in the form of a SaaS solution that provides customers with quick and secure access and delivers all SOAR functionalities as a service.
Benefits
- Maximum availability, 7x24
- Quality through permanent tuning and proven processes
- Relief of personnel resources
- Reduction of boring routine tasks
Customers can choose from four service packages:
- SOAR Basis: This basic service provides access to terreActive's SOAR platform and includes ticketing integration and orchestration of all the customer's standard IT components.
- SOAR Packages: These automation packages allow customers to activate their own runbooks and thus additionally benefit from the SOAR platform.
- SOAR Use Case Runbooks: This service contains the current runbooks for the terreActive standard use cases.
- SOAR User: The customer can activate access to the SOAR console for its own employees. These employees can then, for example, monitor the SOC provider as auditors or actively participate as analysts.
Solution with Palo Alto Cortex XSOAR (formerly Demisto)
terreActive relies on Cortex (formerly Demisto), a SOAR platform that combines orchestration, incident management and interactive security incident investigations. The orchestration engine automates tasks of security products, automates workflows and executes tasks of analysts.
This SOAR solution imports aggregated alerts and threat indicators from diverse sources such as SIEM, network tools, security feeds or emails. It then uses automatable, process-based run scripts (runbooks) to enrich the alerts and respond to incidents. The runbooks can be coordinated across multiple technologies, teams or external users to make all data visible to everyone and respond collectively.