Cyware Orchestrate

Introduction

Organizations across the globe are facing an increasing number of cybersecurity threats and vulnerabilities. A Security Operations Center (SOC) receives a massive number of alerts every day from advanced monitoring and threat detection tools, and most of these alerts are false positives. Manually analyzing and resolving such a volume of security alerts can lead to burnout among security analysts. Because overworked analysts have limited bandwidth, many critical alerts may get ignored, and only a limited number of security alerts are actively investigated and triaged.

Orchestrate enables security analysts to compile threat-related data from various disparate sources and then orchestrate and automate the response to security threats and vulnerabilities using automated security workflows. Orchestrate provides advanced orchestration and automation capabilities that lead to faster threat detection, improved analysis, and swift response. Orchestrate helps organizations to automate and manage their threat intelligence, collection, analysis, response, and security operations lifecycle.

Benefits

The main benefits of Orchestrate are:

  • Supports automating the process of detecting critical alerts within a high volume of threats. This reduces the alert noise generated by false positives, which in turn increases efficiency and helps your security analysts focus on high-fidelity critical alerts.

  • Allows you to prioritize and allocate resources effectively to support critical functions by executing automated threat response workflows.

  • Reduces the mean time to respond (MTTR) to threats and increases operational efficiency with an overall return on investment (ROI) in cybersecurity.

  • Makes it easy to build interoperable integrations with custom or third-party tools, cloud-deployed resources, or on-premises technologies using Open APIs.

  • Offers a dedicated playbook library that saves the time and effort consumed in building playbooks from scratch. If your organization has an existing threat response plan, then you can use and customize Playbooks from the library to match your requirements.

Key Features

The following are some of the key features of Orchestrate:

  • Playbook Store: Jumpstart your orchestration and automation efforts by utilizing a vast library of pre-built playbooks from the Playbook Store and customize them to suit your specific business needs.

  • Appstore: Orchestrate has a comprehensive list of out-of-the-box apps under various categories that are available in the Appstore library. Use these apps in a playbook, or clone an app and further customize it to meet your unique requirements.

  • Custom Apps: Orchestrate offers a basic framework to build your own custom apps using a Python IDE (Integrated Development Environment).

  • Run Logs: Use run logs to analyze the execution details of a playbook for debugging purposes.

  • Labels: Attach labels to a playbook to automatically trigger the execution of a playbook on the occurrence of an event.

  • Playbook Tags: Associate a tag with a playbook to implement role-based access control (RBAC). Playbook tags can be managed in Orchestrate and used in CFTR to provide role-based access.

  • Cyware Agents: Bridge the operational gap between cloud applications and security solutions deployed on-premises using Cyware Agent. Security analysts can configure the Cyware Agent with apps and playbooks to establish communication between the playbooks and the customer resources that are hosted in an on-premises environment.

  • Open API: Integrate Orchestrate with third-party systems or external applications using Open API.

  • Webhooks: Use webhooks to bypass data exchange complications by generating token-based URLs and authenticating endpoints whenever POST requests are triggered in the Orchestrate application.

  • Syslogs: Stream the data from integrated applications to trigger the configured events using the Syslog protocol.

  • Data Sync: Synchronize data by transferring huge volumes of data between two applications using Orchestrate without impacting performance or user experience.

  • Persistent Lists: Define and store data in a persistent list that can be reused across Playbook nodes, eliminating the need to manually enter data multiple times. Data stored in a persistent list can survive system reboots, system crashes, and more.