Advancements in Cybersecurity Automation with XDR and SOAR
In a recent blog post, Shipley emphasized the transformative nature of the latest Extended Detection and Response (XDR) capabilities in cybersecurity. The integration of machine learning and large language models (LLMs) enables automated detection and response for prevalent attacks. This sophisticated system activates multiple AI agents, each focusing on distinct phases of the investigative process, resulting in definitive outcomes for every case. These conclusions can prompt predefined action plans in Cisco XDR or Splunk SOAR, allowing for immediate responses that can be executed either autonomously or with human oversight, tailored to an organization’s protocols.
Splunk SOAR, which stands for Security Orchestration, Automation, and Response, serves as a vital platform for managing automated responses to cyber threats. Cisco reported enhancements to SOAR, available now, along with an upcoming release of Splunk Enterprise Security 8.1, scheduled for June. These updates are designed to augment security operations through improved visibility and integrated workflows. They aim to enhance detection methods as well as streamline automated responses directly within the enterprise security framework.
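The flow the two paragraphs above describe, investigation agents producing a verdict that triggers a predefined action plan either autonomously or with human oversight, is easier to reason about as code. The following is an added illustration, not Cisco XDR or Splunk SOAR code: the three agent phases, the fixed confidence heuristic standing in for the ML models, the playbook names and the per-verdict approval policy are all assumptions made for the example.

```python
"""Verdict-gated playbook dispatch in the style of an XDR -> SOAR handoff.

Added example, not vendor code. Agent phases, verdict thresholds, playbook
names and the approval policy below are assumptions for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Verdict(Enum):
    MALICIOUS = "malicious"
    SUSPICIOUS = "suspicious"
    BENIGN = "benign"


class Mode(Enum):
    AUTONOMOUS = "autonomous"          # run the playbook with no human in the loop
    HUMAN_APPROVAL = "human_approval"  # queue the playbook for an analyst decision


@dataclass
class Incident:
    incident_id: str
    host: str
    alerts: List[str]
    verdict: Optional[Verdict] = None
    confidence: float = 0.0
    audit: List[str] = field(default_factory=list)  # record of every phase and decision


# --- Investigation agents: each owns one phase and annotates the incident ---
def triage_agent(inc: Incident) -> None:
    """Phase 1: note what is in scope for the investigation."""
    inc.audit.append(f"triage: {len(inc.alerts)} alerts on {inc.host}")


def enrichment_agent(inc: Incident) -> None:
    """Phase 2: score the evidence (constructed keyword heuristic stands in for ML)."""
    hits = sum(1 for a in inc.alerts if "credential" in a or "lateral" in a)
    inc.confidence = min(1.0, 0.4 + 0.3 * hits)
    inc.audit.append(f"enrich: confidence={inc.confidence:.2f}")


def verdict_agent(inc: Incident) -> None:
    """Phase 3: turn the score into a definitive verdict for the case."""
    if inc.confidence >= 0.9:
        inc.verdict = Verdict.MALICIOUS
    elif inc.confidence >= 0.6:
        inc.verdict = Verdict.SUSPICIOUS
    else:
        inc.verdict = Verdict.BENIGN
    inc.audit.append(f"verdict: {inc.verdict.value}")


PIPELINE: List[Callable[[Incident], None]] = [triage_agent, enrichment_agent, verdict_agent]

# Verdict -> predefined action plan (hypothetical playbook names)
PLAYBOOKS = {
    Verdict.MALICIOUS: "isolate_host_and_revoke_sessions",
    Verdict.SUSPICIOUS: "collect_forensics_and_notify_analyst",
    Verdict.BENIGN: None,
}

# Organisation policy (assumed): disruptive containment needs a human, evidence
# collection may run on its own.
POLICY = {
    Verdict.MALICIOUS: Mode.HUMAN_APPROVAL,
    Verdict.SUSPICIOUS: Mode.AUTONOMOUS,
}


def investigate(inc: Incident) -> Incident:
    for agent in PIPELINE:
        agent(inc)
    return inc


def dispatch(inc: Incident, approver: Optional[Callable[[Incident, str], bool]] = None) -> str:
    """Map the verdict to a playbook and execute, queue, or skip it.

    Returns "executed:<playbook>", "queued:<playbook>", "rejected:<playbook>" or "no_action".
    """
    playbook = PLAYBOOKS.get(inc.verdict)
    if playbook is None:
        inc.audit.append("dispatch: no action")
        return "no_action"
    mode = POLICY.get(inc.verdict, Mode.HUMAN_APPROVAL)  # unknown verdicts default to oversight
    if mode is Mode.AUTONOMOUS:
        inc.audit.append(f"dispatch: executed {playbook}")
        return f"executed:{playbook}"
    if approver is None:
        inc.audit.append(f"dispatch: queued {playbook} for approval")
        return f"queued:{playbook}"
    if approver(inc, playbook):
        inc.audit.append(f"dispatch: approved and executed {playbook}")
        return f"executed:{playbook}"
    inc.audit.append(f"dispatch: analyst rejected {playbook}")
    return f"rejected:{playbook}"


def run(incident_id: str, host: str, alerts: List[str], approver=None) -> Tuple[str, str]:
    """Investigate a constructed alert cluster and dispatch the resulting verdict."""
    inc = investigate(Incident(incident_id, host, list(alerts)))
    return inc.verdict.value, dispatch(inc, approver)


if __name__ == "__main__":
    # Constructed sample alert clusters
    print(run("INC-1", "ws-042", ["credential dumping", "lateral movement via smb"]))
    print(run("INC-2", "ws-043", ["credential access attempt"]))
    print(run("INC-3", "ws-044", ["scheduled scan finished"]))
```

The design choice worth noting is that the approval policy is keyed on the verdict rather than on the playbook: the same pipeline can be run fully autonomously for low-impact evidence collection while every host-isolation action still waits for an analyst, and the audit list gives the narrative an auditor would ask for afterwards.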
Another significant enhancement in XDR is its newly introduced automated forensics capability. This feature provides a more comprehensive view of endpoint activities, thereby boosting the precision of investigations.
According to Shipley, the XDR Forensics capability represents a pivotal advancement for security operations. It facilitates the collection of over 350 artifacts from endpoints, including those that may be compromised or only partially encrypted. These pieces of evidence—which encompass registry files, memory dumps, and activity logs—are crucial for thorough forensic examinations. The process of gathering forensic evidence can be initiated based on various indicators, such as risk assessments and behavioral analytics, or through a single command on the incident management page.
Furthermore, XDR has launched an AI-powered Attack Storyboard designed to illustrate intricate attacks and expedite understanding for security teams. Shipley noted that this tool generates a dynamic Attack Graph, aligning events with MITRE ATT&CK tactics along a timeline of the attack while summarizing critical steps for users at all levels—from security operation center (SOC) analysts to IT professionals without security specialties. This visualization aids in swiftly comprehending the nature of threats and determining appropriate responses.
“AI orchestrates the investigative process, identifies root causes, and suggests containment and remediation strategies,” Shipley commented. “This ensures that decisions are made swiftly and with greater assurance. For auditors and executives, the storyboard presents audit-ready narratives in accessible language, converting complex technical details into actionable insights. It delivers a clear verdict and guides decisive action with confidence.”
Source: www.networkworld.com