Device Recognition Accelerates SOAR with Data Enrichment

It’s a week before Christmas, and an online merchant’s IT team receives an alert from the SIEM tool. There’s a potential DDoS attack against one of the main web servers, which is slowing the site’s performance significantly. Every second counts – isolating the impacted machine and switching services to a backup server is crucial to maintain business operations and customer experience, as shoppers flock to the site for last-minute purchases. 

In such situations, the company’s Security Orchestration, Automation and Response tool (SOAR) can help the team coordinate, execute and automate incident response tasks so they can respond rapidly. The SOAR solution relies on data captured in the SIEM alert to initiate the response. While most SIEM tools don’t provide much information, this merchant’s SOAR solution has embedded Lansweeper IT asset discovery and recognition capabilities, and provides all the data the team needs to spring into action. Thank goodness! Because, without it, they would have been up the proverbial creek without a paddle.

What is a SOAR Solution?

A comprehensive SOAR solution provides three capabilities: threat and vulnerability management, security incident response, and security operations automation. It helps coordinate, execute and automate tasks between all the various people and tools involved in addressing an incident. SOAR tools rely on alert data from SIEM tools, which trigger playbooks that automate response actions. The more data that’s available to the SOAR, the more prompt and accurate the response.

SOAR tools are increasingly critical to continued operations and risk mitigation. Unplanned downtime is more common than ever – 82% of companies have experienced at least one unplanned downtime incident over the past three years, and many have suffered two or more. A single hour of downtime can cost an organization at least $1 million, and businesses lose upwards of $6 trillion to ransomware attacks and other cybersecurity events each year. When every second counts, it’s essential to have all the information you need at your fingertips, so you can act quickly and resolve the problem before losses accrue.

Unfortunately, alerts from many SIEM tools come with minimal information, containing maybe a MAC or IP address only – and that’s not enough data to take corrective action. Teams need to know what machines are impacted and where they are located, their make and model, and whether they have an outdated OS and need security updates, so they can initiate and orchestrate the appropriate response. Typically, teams must hunt for this information manually, which is slow, tedious and inefficient. While high-paid security professionals spend hours chasing down the details via emails and phone calls, the clock is ticking, money is being lost and risk is escalating. 

It comes down to this: SOAR platforms are only as effective as the data they ingest and provide. 

Lansweeper and SOAR: Enriched Data for Faster Incident Response

When SOAR vendors embed Lansweeper into their platforms, their customers have instant access to an always-accurate inventory of their organization’s technology assets. With this information at their fingertips, not only can they react faster and more efficiently to an incident, they can proactively protect the infrastructure by rolling out upgrades and software updates, before downtime or an attack can occur.

Lansweeper’s deep scanning engine and credential-free device recognition (CDR) technology work together to surface contextual data about all connected hardware and software assets across an organization’s technology estate – even shadow IT and rogue devices that only touch the network briefly. SOAR tools benefit from a complete and current dataset containing granular information about connected devices and their location, installed software, users and more. This data can be used to enrich SIEM alerts, giving security analysts rapid access to all the data they need to initiate and orchestrate remediation processes and execute their playbooks quickly. In this way, they can reduce mean time to repair and potentially save their organization millions in losses.
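To make the enrichment step concrete, here is an added example (not Lansweeper’s or any SOAR vendor’s code) that takes a SIEM alert carrying only an IP or MAC address and looks it up in an asset inventory to decide which playbook to run. The inventory records, the alert fields (`src_ip`, `dst_ip`, `mac`), the supported-OS baseline and the playbook names are all constructed for illustration; a real integration would query the discovery platform’s API instead.

```python
"""Enrich a minimal SIEM alert (IP or MAC only) with asset-inventory context.

Added example, not Lansweeper code. The inventory, alert fields, OS baseline
and playbook names below are constructed for illustration.
"""
import re
from typing import Optional

# Constructed asset inventory keyed by IP; one record per discovered device.
INVENTORY = {
    "10.20.30.40": {"hostname": "web-01", "mac": "00:1a:2b:3c:4d:5e",
                    "make": "Dell", "model": "R740", "location": "DC-East rack 12",
                    "role": "web-server", "os": "Ubuntu 18.04", "backup": "web-02"},
    "10.20.30.41": {"hostname": "web-02", "mac": "00:1a:2b:3c:4d:5f",
                    "make": "Dell", "model": "R740", "location": "DC-East rack 12",
                    "role": "web-server", "os": "Ubuntu 22.04", "backup": None},
}
# Constructed baseline: OS releases the team still considers patchable/supported.
SUPPORTED_OS = {"Ubuntu 22.04", "Ubuntu 24.04", "Windows Server 2022"}


def normalize_mac(mac: str) -> str:
    """Accept 00-1A-2B-3C-4D-5E, 001A.2B3C.4D5E or 00:1a:... and return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_asset(alert: dict) -> Optional[dict]:
    """Resolve the alert's IP (preferred) or MAC to an inventory record, or None if unknown."""
    ip = alert.get("src_ip") or alert.get("dst_ip")
    if ip and ip in INVENTORY:
        return INVENTORY[ip]
    if alert.get("mac"):
        wanted = normalize_mac(alert["mac"])
        return next((a for a in INVENTORY.values() if a["mac"] == wanted), None)
    return None


def enrich(alert: dict) -> dict:
    """Attach asset context to the alert and pick the playbook the SOAR should run."""
    asset = find_asset(alert)
    enriched = dict(alert)
    if asset is None:
        # Not in inventory: treat as a shadow-IT / rogue device, not a known server.
        enriched.update(asset=None, playbook="investigate_unknown_device")
        return enriched
    enriched.update(asset=asset, os_outdated=asset["os"] not in SUPPORTED_OS,
                    playbook="isolate_and_failover" if asset["backup"] else "isolate_only")
    return enriched
```

Running `enrich({"rule": "ddos_suspected", "dst_ip": "10.20.30.40"})` returns the alert with the web-01 record attached, `os_outdated` set to True and the failover playbook selected, which is exactly the context the opening scenario says the team lacks when the alert carries only an address.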

Lansweeper already integrates seamlessly with leading SOAR tools, including Splunk SOAR and Palo Alto Cortex XSOAR, providing customers with contextual information for accelerating decision-making and automating remediation workflows.

Interested in embedding Lansweeper into your SOAR solution? Learn more here.