
Security Orchestration, Automation, and Response

Effective security orchestration, automation, and response can help streamline your processes and make your IT security teams more effective.

Security incident management is complex and, unless you have the required skills and resources available, can put a strain on your existing IT security teams.

We have partnered with Swimlane to offer you their leading Security Orchestration, Automation, and Response system. We are certified INSIDER SOAR engineers and can help you design, implement, and manage your Swimlane services.

We have also incorporated Swimlane into the SSS Security Threat Automation and Response Service (STARS). This is a managed service that is designed to augment your existing IT systems and staff without the need to "rip and replace" and can leverage your existing systems and assets without the need to roll out new software.

Read more about these solutions below.

Want to know more?

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our solutions to help you with your security orchestration, automation, and response requirements.


Solutions + Partners

  • SSS Security Threat Automation and Response Service


    Security incident management is complex, and requires skills and resources that a lot of organisations don't have. Increasing demands and increased rate of change put organisations under more pressure than ever. This complexity makes it easy to overlook the people and process sides of security.

    A lack of consistent process runs the risk of critical information being missed, or incidents not being addressed. Stretched resources can result in staff burnout and important areas being neglected. It is difficult to innovate and improve when struggling just to maintain the status quo.


    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about the SSS Security Threat Automation and Response Service (STARS).


    STARS Solution Overview

    SSS has partnered with Swimlane, a leading Security Orchestration, Automation, and Response system, and our shared expertise has resulted in the development of our STARS platform.

    The key to effective security operations is consistent process and evidence-based decision making. STARS achieves this through integrations with industry-leading threat intelligence sources, and combining this with the power of automation.

    STARS is designed to augment existing IT systems and staff without the need to "rip and replace". Being platform agnostic allows STARS to leverage existing systems and assets, without the requirement to roll out new software.

    SSS designs and implements best practice automation playbooks to provide effective and efficient responses to security incidents. Automation ensures that consistent processes are followed, and takes tedious and repetitive tasks away from staff. This helps to address burnout and human error, and allows the move to a proactive and innovative culture, rather than being reactive post-incident.


    How It Works

    Security Discovery

    Addressing security concerns is hard when you don't know what you don't know. The first step in the STARS process is to discover vulnerabilities and indicators of compromise in your environment. This serves as a starting point for further investigation.

    Threat Analysis

    Once indicators of compromise have been identified, they need to be investigated and validated. STARS uses industry-leading threat intelligence sources to evaluate indicators of compromise. It then implements customisable logic to apply client-specific context to the information.

    Automation and Orchestration

    Once a problem is identified and validated, the next step is to figure out what to do to fix it. STARS provides best practice playbooks to deal with incident management activities, and to orchestrate response actions. Flexible levels of customisation allow you to figure out what needs to be done and how you want to do it, and then make it happen automatically.

    Response and Remediation

    Security incidents can be complex and varied, but remediation activities are often similar and repeatable. STARS allows you to identify common response actions and automate the remediation activities. This could include locking user accounts, deleting malicious emails, blocking files or IPs, or isolating endpoints. STARS has a wide range of integrations with third party systems, so remediation activities are really only limited by imagination.


    Service Features

    Base Service

    The STARS base service is an incident management service for dealing with general security alarms and phishing emails.

    Service features include:

    • Access to a personalised Security Operations Centre portal
    • Customisable automation thresholds
    • Real-time metrics to demonstrate return on investment
    • Managed service using monthly pricing and no minimum commitment
    • Optional purchase of additional support or professional service hours to augment internal teams

    Playbook Management Uplift

    This includes the design, implementation, and ongoing management of playbooks for additional use cases.

    Playbooks are sized and priced based on complexity.

    • Low Complexity: Services that typically require out-of-the-box integrations, or processes that have < 3 process levels.
    • Medium Complexity: Services that typically require out-of-the-box integrations, or processes that have < 5 process levels.
    • High Complexity: Services that typically require custom integrations, or processes that have > 5 process levels.

    Example use cases include:

    • User onboarding and offboarding
    • Data exfiltration
    • Darkweb monitoring
    • Threat hunting

    Security Analyst Assistance Uplift

    STARS provides a mechanism for clients to manage and remediate their own security incidents. However, many organisations don't have dedicated security teams, or the capacity to take on the additional work that SOAR and incident management entails.

    Sometimes additional resources may be required to assist with incident management, process design, or automation configuration. SSS provides options for 5, 10, and 15 hour bundles per month to be used for any STARS activities.


  • Swimlane Security Orchestration, Automation, and Response


    Swimlane is a leader in security orchestration, automation and response (SOAR). Swimlane was founded to deliver scalable, innovative and flexible security solutions to organisations struggling with alert fatigue, vendor proliferation and chronic staffing shortages. They are at the forefront of the growing market for security automation and orchestration solutions that automate and organise security processes in repeatable ways to get the most out of available resources and accelerate incident response.

    Swimlane offers a broad array of features aimed at helping organisations address both simple and complex security activities, from prioritising alerts to remediating threats and improving performance across the entire operation.

    Swimlane's SOAR platform collects security alert data from virtually any security platform with minimal effort and then automatically responds to alerts using automated workflows and playbooks.

    The SSS team are certified INSIDER SOAR engineers and we can help you design, implement, and manage your Swimlane services.

    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about Swimlane and how they can help your teams become more efficient.


    Enhance security automation for security operations

    Swimlane executes security-related tasks at machine speeds during the incident response process - from detection and investigation to resolution - freeing your staff to focus on advanced threat defence.

    Swimlane automation

    • Leverage security automation throughout your entire incident response process
    • Proactive security monitoring and detection
    • Customise playbooks and workflows
    • Standardise incident response workflows and playbooks
    • Integrate via an API-first architecture
    • Scale security processes

    Consolidate and contextualise incident data

    Speed up investigations with enriched data and facilitate process compliance and rapid response, making it easier to close more security alerts in less time.


    • Analyse and enrich incident data in real time with case management
    • Enforce process standardisation and compliance
    • Remediate security alerts at machine speeds
    • Robust reporting and analytics
    • Centralised and interactive case management
    • Adaptation to any use case
    • Defined, repeatable IR processes

    Initiate actions on third-party systems

    Integrate your entire arsenal of security tools with your existing people and processes for faster, more effective incident response.


    • Centralise all relevant security event data
    • Present consolidated incident response context
    • Initiate actions on third-party systems
    • Comprehensive alert context
    • Optimised security processes
    • Consistent playbooks and workflows
    • Integrated security tools
    • Adaptive security operations
    • Automated incident response