Security Orchestration, Automation, and Response

Security incident management is complex, and requires skills and resources that a lot of organisations don't have. Increasing demands and increased rate of change put organisations under more pressure than ever. This complexity makes it easy to overlook the people and process sides of security.

A lack of consistent process runs the risk of critical information being missed, or incidents not being addressed. Stretched resources can result in staff burnout and important areas being neglected. It is difficult to innovate and improve when struggling just to maintain the status quo.

Jump to:

• SSS STARS Solution Overview
• How it works
• Service Features

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more the SSS Security Threat Automation and Response Service (STARS).

STARS Solution Overview

SSS has partnered with Swimlane, a leading Security Orchestration, Automation, and Response system, and our shared expertise has resulted in the development of our STARS platform.

The key to effective security operations is consistent process and evidence-based decision making. STARS achieves this through integrations with industry-leading threat intelligence sources, and combining this with the power of automation.

STARS is designed to augment existing IT systems and staff without the need to "rip and replace". Being platform agnostic allows STARS to leverage existing systems and assets, without the requirement to roll out new software.

SSS designs and implements best practice automation playbooks to provide effective and efficient responses to security incidents. Automation ensures that consistent processes are followed, and takes tedious and repetitive tasks away from staff. This helps to address burnout and human error, and allows the move to a proactive and innovative culture, rather than being reactive post-incident.

Back to Top

How It Works

Security Discovery

Addressing security concerns is hard when you don't know what you don't know. The first step in the STARS process is to discover vulnerabilities and indicators of compromise in your environment. This serves as a starting point for further investigation.

Threat Analysis

Once indicators of compromise have been identified, they need to be investigated and validated. STARS uses industry-leading threat intelligence sources to evaluate indicators of compromise. It then implements customisable logic to apply client-specific context to the information.

Automation and Orchestration

Once a problem is identified and validated, the next step is to figure out what to do to fix it. STARS provides best practice playbooks to deal with incident management activities, and to orchestrate response actions. Flexible levels of customisation allow you to figure out what needs to be done and how you want to do it, and then make it happen automatically.

Response and Remediation

Security incidents can be complex and varied, but remediation activities are often similar and repeatable. STARS allows you to identify common response actions and automate the remediation activities. This could include locking user accounts, deleting malicious emails, blocking files or IPs, or isolating endpoints. STARS has a wide range of integrations with third party systems, so remediation activities are really only limited by imagination.

Back to Top

Service Features

Base Service

The STARS base service is an incident management service for dealing with general security alarms and phishing emails.

Service features include:

• Access to a personalised Security Operations Centre portal
• Customisable automation thresholds
• Real-time metrics to demonstrate return on investment
• Managed service using monthly pricing and no minimum commitment
• Optional purchase of additional support or professional service hours to augment internal teams

Playbook Management Uplift

This includes the design, implementation, and ongoing management of playbooks for additional use cases.

Playbooks are sized and priced based on complexity.

• Low Complexity: Services that typically require out-of-the-box integrations, or processes that have < 3 process levels.
• Medium Complexity: Services that typically require out-of-the-box integrations, or processes that have < 5 process levels.
• High Complexity: Services that typically require custom integrations, or processes that have > 5 process levels.

Example use cases include:

• User onboarding and offboarding
• Data exfiltration
• Darkweb monitoring
• Threat hunting

Security Analyst Assistance Uplift

STARS provides a mechanism for clients to manage and remediate their own security incidents. However, many organisations don't have dedicated security teams, or the capacity to take on the additional work that SOAR and incident management entails.

Sometimes additional resources many be required to assist with incident management, process design, or automation configuration. SSS provides options for 5, 10, and 15 hour bundles per month to be used for any STARS activities.

Back to Top

Swimlane is a leader in security orchestration, automation and response (SOAR). Swimlane was founded to deliver scalable, innovative and flexible security solutions to organisations struggling with alert fatigue, vendor proliferation and chronic staffing shortages. They are at the forefront of the growing market for security automation and orchestration solutions that automate and organise security processes in repeatable ways to get the most out of available resources and accelerate incident response.

Swimlane offers a broad array of features aimed at helping organisations address both simple and complex security activities, from prioritising alerts to remediating threats and improving performance across the entire operation.

Swimlane's SOAR platform collects security alert data from virtually any security platform with minimal effort and then automatically respond to alerts using automated workflows and playbooks.

The SSS team are certified INSIDER SOAR engineers and we can help you design, implement, and manage your Swimlane services.

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about Swimlane and how they can help your teams become more efficient.

Enhance security automation for security operations

Swimlane executes security-related tasks at machine speeds during the incident response process - from detection and investigation to resolution - freeing your staff to focus on advanced threat defence.

• Leverage security automation throughout your entire incident response process
• Proactive security monitoring and detection
• Customise playbooks and workflows
• Standardise incident response workflows and playbooks
• Integrate via an API-first architecture
• Scale security processes

Consolidate and contextualise incident data

Speed up investigations with enriched data and facilitate process compliance and rapid response, making it easier to close more security alerts in less time.

• Analyse and enrich incident data in real time with case management
• Enforce process standardisation and compliance
• Remediate security alerts at machine speeds
• Robust reporting and analytics
• Centralised and interactive case management
• Adaptation to any use case
• Defined, repeatable IR processes

Initiate actions on third-party systems

Integrate your entire arsenal of security tools with your existing people and processes for faster, more effective incident response.

• Centralise all relevant security event data
• Present consolidated incident response context
• Initiate actions on third-party systems
• Comprehensive alert context
• Optimised security processes
• Consistent playbooks and workflows
• Integrated security tools
• Adaptive security operations
• Automated incident response