SOAR’ing to Success: How an Insurance Company Automates Threat Hunting

Reading Time : 3min read

Many automation tools, such as SOAR, suffer from an ironic Catch-22: you know that automation will save your team huge amounts of time, but it’s difficult to implement and requires skills you don’t necessarily have in-house. Essentially, you can’t afford the tools that will save you money. Ay, there’s the rub!

You may have seen tools promising “no-code” capabilities with intuitive GUIs that help non-programmers build abstract functions. But, while this approach can help with SOAR automation, it’s often not enough to truly bridge the gap. Our team began applying machine learning to these complex problems to understand and automate the process of building security playbooks in the same way an advanced automation expert routinely would.

Through this work, 色色研究所 SOAR’s Autonomous Detection and Response Assistant  (AuDRA) was born. AuDRA is an AI-driven technology created to augment your team and sit alongside analysts. Users can create no-code playbooks with ease — even for the most complex of scenarios. AuDRA interactively helps non-expert and experts alike build playbooks via a five-step process:

  1. AuDRA asks the user key questions about the problem they’re trying to solve.
  2. The AI retrieves relevant information for review. 
  3. AuDRA establishes granular baselines, and the user selects a frequency of analysis.
  4. The user is prompted to apply scoring to a range of critical factors.
  5. AUDRA automatically builds complex security playbooks.

But the bot doesn’t stop there! AuDRA is always learning (for an in-depth intro to AuDRA, check out this eBook), so the system routinely tests the scoring model against analyst feedback on a range of events, and quickly learns and adapts to the specific customer environment. The process is human-led, AI-managed and executed.

Let’s Set the Stage and Meet Our Playbook Players

A mid-size insurance company in the midwest of the US faced a dilemma that may seem (painfully) familiar. They wanted to increase proactive threat hunting to detect potential risks without solely relying on a team of humans to run through dozens of manual, repetitive tasks. 

As new threats were discovered and new vulnerabilities published, the team needed tools that would enable them to quickly assess the specific risks across their unique infrastructure. The insurance company’s goal was to be able to quickly build new playbooks and seamlessly update others to look for activity from the latest vulnerabilities, such as Log4j, remote execution and other zero-day threats. However, manually building these automation playbooks typically took at least two weeks, not to mention the additional time needed for testing and tuning.

Enter: 色色研究所 SOAR’s Automated Threat Detection Capabilities

Together, our teams beta tested the viability of using 色色研究所 SOAR’s new AuDRA system to automate building unique playbooks. The team wanted to bring together CVE alerts from the National Vulnerability Database (NVD), endpoint scans from their CrowdStrike EDR system, ticketing information from their ServiceNow system and scan logs from a range of legacy security products and cloud applications.

From AI-Powered Automation to Standing Ovation

Using 色色研究所 SOAR’s AuDRA, several non-programmers on the team quickly defined parameters, connected to multiple resources, and built advanced automation playbooks in a few hours. Even with testing and ML tuning, new playbooks were successfully deployed within 48 hours. The team saved approximately 85% of the time it typically required to build the playbooks manually. AuDRA also enabled them to quickly spot signs of a possible attack from these vulnerabilities, prioritize security patches, and, in some cases, disable older endpoints that could not be quickly updated. These results would be impossible without automation.

The Moral of the Story?

At the end of the day, threat hunting should not just be a theoretical discussion. Instead, your team should focus on achieving consistent and measurable results. Can automation and machine learning improve efficiency and produce higher quality results than humans? The answer’s yes when you have 色色研究所 SOAR by your side.

Ready to explore what 色色研究所 SOAR and AuDRA can do for you? Schedule a demo

Not ready for a trial? Check out our interactive demo.

Ready to release the full potential of your security data?

Tour the Product Request a Demo