preventing cyber fatigue<\/strong> (limiting tedious, repetitive and time-consuming tasks).<\/li>\n<\/ul>\n\n\n\nHigh expectations vs promises: a potentially vicious circle<\/h2>\n\n\n\n Faced with a growing threat and increasingly fast and sophisticated attacks, companies have heightened expectations of their cyber protection \u2013 particularly regarding reaction time<\/strong> (identifying and responding to incidents) and relevant alerts<\/strong> (avoiding false positives).<\/p>\n\n\n\nIn response, software publishers are inclined to offer quick-fix solutions, which inevitably struggle to deliver on their promises. These somewhat oversold solutions serve mainly to enable analysts to sort and assess alerts more quickly, but are less helpful for responding to incidents<\/strong>.<\/p>\n\n\n\nThree limitations of automation in cyber security<\/h3>\n\n\n\n#1 Technical limitations<\/h2>\n\n\n\n It is generally possible to automate detecting, classifying and identifying actions. But to perform remediation actions<\/strong>, clients’ technical solutions must be orchestrable, aided by the presence of an API to administer the targeted technology. It is also essential to ensure the scalability <\/strong>of an orchestration solution so it can handle multiple automations.<\/p>\n\n\n\nAn on-premise<\/strong> solution, which can only be managed via a graphical user interface, is much more complicated to orchestrate remotely.<\/p>\n\n\n\n#2 Lack of context<\/h2>\n\n\n\n To automate decision-making, you need context and repeatable, controlled patterns and models. But keeping context repositories complete and up to date<\/strong> is almost impossible! The information is often scattered and incomplete, or even stored only in the heads of experts within the organisation. And automating operational cyber security telepathically is not (yet) possible.<\/p>\n\n\n\n#3 Lengthy approval process<\/h2>\n\n\n\n It is possible to establish automatic reaction<\/strong> strategies within specific areas that the client has validated. But approval is usually required to be able to take concrete action.<\/p>\n\n\n\nSome approval loops<\/strong> involve more than one person: the main contact might not be authorised to accept, or a third party might have to sign off on information before a decision is made, etc.<\/p>\n\n\n\nHow Advens harnesses the power of automation<\/h3>\n\n\n\nA data-centric and automation-by-design approach<\/h2>\n\n\n\n At Advens, managing a security incident is a process that consists of several steps, each of which can be optimised<\/strong>. Background data and Cyber Threat Intelligence (CTI) must be integrated into the incident management process as early as possible (data-centric approach) to save time during analysis and limit the number of alerts.<\/p>\n\n\n\nA crucial part of optimising a process is eliminating “unnecessary tasks”. That is the essence of automation by design<\/strong>: optimising workflow and automating trivial, repetitive or costly tasks performed by analysts.<\/p>\n\n\n\nThat is how Advens designed its SOC automation<\/strong>. It integrates and adds value to each step of the incident response process (collection, enrichment, threat detection, classification, communication and remediation).<\/p>\n\n\n\nSynergy and collective intelligence<\/h2>\n\n\n\n By automating the CTI and the review of monitoring plans, Advens is able to provide a shared knowledge base<\/strong> to all the organisations it protects.<\/p>\n\n\n\nThe Advens mySoc platform can also be orchestrated via APIs<\/strong>. It lets experts and analysts create automations for specific business processes – making them both operators and designers of solutions.<\/p>\n\n\n\nThe Advens approach: four benefits for end users<\/h3>\n\n\n\n\nA security incident management process that is optimised at every stage<\/strong>.<\/li>\n\n\n\nShorter<\/strong> classification and remediation times.<\/li>\n\n\n\nA reduced false positive rate.<\/strong><\/li>\n\n\n\nAn adaptive and evolving vision of cyber security:<\/strong> when other areas need to be secured or new algorithms are introduced, companies can seamlessly integrate them into their security process.<\/li>\n<\/ol>\n\n\n \n\n \n “Automating operational cyber security means integrating the entire processing flow, from enriching the data collected to remediation actions. At Advens, this is made possible by the data-centric and automation-by-design approach of our platform.”<\/p>\n <\/blockquote>\n
\n
\n
![\"Micka\u00ebl](\"https:\/\/www.advens.com\/app\/uploads\/2023\/01\/mickae-l-beaumont-product-manager-chez-advens-150x150.jpg\")
\n