Ready to Adopt
Note: Information will continue to be refined as we get feedback, questions, comments and new information. Please send us your thoughts!
Before beginning to adopt SOAR, buy-in at the senior leadership level is essential. SOAR will change how operations are performed, and starting with an approved adoption strategy and initial business case makes it possible to obtain the resources and make the adjustments needed for successful adoption.
Helpful Information:
The IACD Playbooks and Workflow examples can give you ideas on where automated orchestration responses can benefit an organization.
The IACD & FS-ISAC Financial Pilot Results provide insights into the benefits that orchestration has brought to multiple financial organizations.
This Orchestration Example: Automated IT/OT Recovery video provides a reference implementation of how orchestration tools can be incorporated into an organization’s network to provide automation.
The Implementers Insights white paper offers recommendations and lessons learned from experienced adopters and vendors.
The Operationalization Lessons Learned presentation provides insights into critical elements of a successful SOAR deployment and technical considerations.
The Security Automation & Orchestration (SA&O) Metrics & Measures white paper identifies metrics and measures that organizations should consider collecting, assessing, and comparing over time to understand the benefits, value, and effects of automation.
Whenever an organization invests in cyber defense automation, it must think about how trust in that automation impacts the organization’s ability to defend itself from cyber-attacks. The Trust in Automation framework shows the many variables that can play a part in the use of automation and information.
Additional Resources:
- IACD 101 - Summarizes the core concepts of IACD
- Introduction to IACD Playbooks - Summarizes IACD playbooks and their relevance
- Playbook Thin Specification - Recommended minimum requirements for IACD Playbooks
- High-Benefit/Low-Regret Automated Actions as Common Practice - A benefit vs. regret matrix that highlights where automated actions are appropriate and where they may not be the best approach to mitigating threats and vulnerabilities
- IACD Playbooks and Workflows - Introduction to defining, building, and using IACD playbooks
- Integrated Adaptive Cyber Defense - IACD one-page summary
- IACD Baseline Architecture - Describes baseline for IACD Reference Architecture
- ICD Conceptual Reference Model - Provides definitions and a formal structure for describing the implicit and explicit concepts and relationships within a system.
- Asking the Right Questions - Provides a set of initial questions to ask vendors and additional information on key IACD considerations.
- Autoimmunity - Overview of Autoimmunity (the capability to recognize, respond to, and review Cyber Threat Information (CTI) submitted to the information broker that would harm the integrity of the feed to recipients).