Couldn’t attend Transform 2022? Check out all the top sessions in our on-demand library now! Look here.
There’s only so much a human security team can do in a day, yet many analysts are forced to waste time on inefficient manual processes.
In fact, 56% of large companies handle at least 1,000 security warnings per day. If each of these alerts takes 10 minutes to address, that’s over 166 hours wasted per day or 830 per week. Automation is now essential to eliminate these manual tasks so that security professionals can focus on more high-quality work.
Therefore today, SIEM provider, Elastic, announced the launch of Elastic Security 8.4, which introduces new native security, orchestration, automation, and response (SOAR) capabilities. It also has partner integrations designed to accelerate the pace of security operations centers (SOCs) and better support human analysts.
Powered by Elastic Agent, the new solution provides native remediation and response capabilities for all users, as well as configurable alerts and integration with other SOAR vendors, allowing organizations to deploy SOAR without purchasing additional solutions.
Event
MetaBeat 2022
MetaBeat will bring together thought leaders to offer advice on how metaverse technology will change the way all industries communicate and do business October 4 in San Francisco, CA.
Register here
SOAR and open security
Elastic’s announcement comes as security automation becomes increasingly important to survive an increasingly complex threat landscape.
According to IBM, organizations with fully deployed artificial intelligence (AI) and automation spent $3.05 million less per data breach compared to those without. SOAR provides a comprehensive security automation framework.
According to GartnerSOAR platforms are “solutions that combine incident response, orchestration and automation, and threat intelligence platform management capabilities into a single solution.” The end result is the ability to reduce mean time to detection and mean time to respond to security incidents.
By implementing SOAR capabilities into its existing solution, Elastic hopes to advance its journey to open security and now offers new integrations with: D3 and Torqas well as existing with Service now, Swimming lane and teeth.
“We are committed to open security, which started with opening our security artifacts,” said Mike Nichols, vice president of product management, security at Elastic.
“By sharing the behaviors we look for to identify threats and our mechanisms to stop an attack, other companies can leverage the work we’ve already done to strengthen their own defenses,” Nichols said.
A snapshot of the SOAR market
These new capabilities place Elastic Security within the SOAR marketwhich researchers expect to grow at a compound annual growth rate of 14.6% to reach a value of $2.03 billion by 2025.
One of the leading providers on the market is Swimlane, which provides a low-code SOAR platform designed for security professionals with no coding experience, which uses webhooks and third-party agents to ingest data from across the organizational environment.
Earlier this year, Swimlane raised $70 million in growth financing.
Another competitor is Simplify, acquired by Google early this year for $500 million, giving organizations a cloud-native SOAR platform with a drag-and-drop user interface that analysts can use to automate administrative tasks. It also provides machine learning-based recommendations to increase the visibility of the SOC.
The main differentiator between Elastic Security and other providers in the market is its focus on open security – with the goal of normalizing data sharing to ensure that enterprises have access to the information they need to secure their environments against modern threat actors.
The mission of VentureBeat is a digital city square for tech decision makers to learn about transformative business technology and transactions. Learn more about membership.