By Dan Schiappa, Chief Product Officer
Security orchestration, automation, and response (SOAR) has an opportunity to be a game changer in how we tackle cyber risk, but there is a significant disconnect between the promises made by existing SOAR platforms and how organisations are able to realise their real-world operational and cost-saving efficiencies.
All those automations that promise to eliminate late hours working on mundane stuff. All the orchestrations that promise to get things done faster. All the playbooks that promise to make things more efficient and upskill your team better. They all just seem to disappear the moment the check is written, the box is installed, and the consultants leave.
Next-generation SOAR is Essential to Defend at the Speed of Data
It’s no secret that Arctic Wolf is on a mission to end cyber risk, and we at our core believe that the key to doing that is making security operations fast, efficient, and achievable for organisations of all sizes. And in today’s threat landscape, with threat actors developing novel attack techniques daily, and every organisation’s attack surface growing larger due to digital transformation, next-generation SOAR is fast-becoming a core requirement for an effective security operations program.
So, the question then is – How can organisations get the benefits of security orchestration, automation, and response, when many lack the technical capabilities and internal security talent needed to implement and operationalise SOAR in an effective way?
We have the answer to this question, and to help us tackle this problem head on, we have announced our intent to acquire Revelstoke, creators of the first SOAR platform built on a unified data layer. Since their founding, Revelstoke has disrupted legacy SOAR solutions by creating a Rosetta Stone for security and IT solutions, seamlessly integrating disparate data and systems, with a low or no code approach that allows for faster, smarter, more efficient security operations outcomes.
We believe the best way to bring to market these advanced SOAR capabilities is by fully integrating them into our Security Operations Cloud and unique Concierge Delivery Model. As a result, we are advancing our detection and response capabilities with tailored response actions at scale, while our customers will directly reap the benefits of the technology without having to purchase new modules.
Where Most SOARs Fail
Up until this point, most SOARs fail because they have a communication problem.
They promise to bring all an organisation’s IT and cybersecurity tools and data together, but this just doesn’t work because they don’t know how to make these disparate solutions speak the same language. Now while there are several industry wide initiatives to tackle this issue, the most prominent being the Open Cybersecurity Schema Framework of which Arctic Wolf is a key contributor, the reality is the industry still has a way to go before all security tools speak a common language.
That is what makes Revelstoke’s unified data layer so unique in the industry. The Revelstoke team have gone out and built the cybersecurity equivalent of the universal translator from Star Trek and that enables dozens of different IT and cybersecurity technologies to talk to each other, ensuring automation and orchestration works exactly the way they should. As vendors continue to bring new solutions to market and organisations adopt more and more tools, Revelstoke’s technology is the connective tissue that is critical for making the security stack work together as a one unified defense.
The Arctic Wolf Difference
By incorporating Revelstoke’s SOAR platform and universal data layer into the Arctic Wolf Security Operations Cloud and Concierge Delivery Model, Arctic Wolf will be now able to provide customers with the advanced technology and deep security operations expertise needed to make SOAR outcomes essentially turnkey.
For our customers this means we will provide them with even more advanced cross-attack surface correlation to ensure comprehensive and speedy threat detection and response, all in a way that can be strategically tailored to the unique needs of their business.
We will also be empowering customers to realise greater value from their existing cybersecurity and IT investments by correlating data across tools and organisational silos for normalisation and analysis. The Arctic Wolf Security Operations Cloud ingests, parses, enriches, and analyzes more than 4.5 trillion security events per week making it one of the most powerful security platforms in the world. With Revelstoke, we hope that customers will soon be able to unlock hundreds of additional detection and response actions to further drive down cyber risk for organisations of almost any size.
And finally, and most importantly, we intend to further enhance the game-changing noise reduction that our customers know and love us for; ensuring that the thousands of daily alerts the would be receiving without our unified platform are instead distilled into, on average, one single actionable ticket each day.
Welcome to “The Pack”, Revelstoke. Excited to have you help us end cyber risk.
