
SOAR Use Case: SEC Requirements For Cyber Reporting

Written by Todd Humphreys | Nov 15, 2023 9:17:42 PM

Sustainability comes up in more and more conversations today, on topics ranging from government budgeting to the environmental strain of global population growth. It is also a live question in cybersecurity, where the long-standing reliance on human-led incident response is showing its limits. The reasons for this shift are straightforward:

  • Cyberattacks are escalating in frequency, severity, and sophistication.
  • Modern business environments necessitate rapid IT responses, with processes required to move at breakneck speeds.
  • Regulatory compliance requirements are becoming more stringent and complex.

Quickly Assess Readiness and Precision

The tightening of regulatory compliance in the financial sector is underscored by the Securities and Exchange Commission's (SEC) recent adoption of enhanced rules on cybersecurity risk management, strategy, governance, and incident disclosure, announced on July 26, 2023. These mandates apply to all publicly traded companies under SEC jurisdiction. IT and cybersecurity leaders should familiarize themselves with the full set of rules, but the most pertinent change is the requirement to disclose a cybersecurity incident within four business days of determining that it is material. The SEC further states that the materiality determination itself must be made without unreasonable delay.

The rationale behind this stringent timeline is founded on the potential impact that cybersecurity incidents have on shareholder value and the broader market. Timely disclosure ensures that investors are adequately apprised of risks to their investments and can make informed decisions regarding any financial exposure stemming from such incidents.

Unfortunately, keeping humans alone on the incident response front line becomes less tenable with every passing year. That is why modern security operations centers (SOCs) build automation into time-saving workflows to maximize operational efficiency and meet today's shrinking disclosure windows.

The Benefits of Automation

Incorporating automation into your SOC can yield significant advantages including:

  • Streamlined time-sensitive manual tasks: While necessary, these tasks overburden most SOC analysts. Automation handles the repetitive work, freeing your team to concentrate on higher-priority threats and strategic defense improvements.
  • Enhanced processing and response: Automation assists SOC teams in processing incidents and accelerates overall response time. Analysts live and breathe by their MTTD and MTTR (mean time to detect and mean time to respond), and enterprise leaders must recognize how much weight these metrics carry.
  • Proactive, not reactive: By diverting resources from low-complexity tasks to the proactive analysis of significant risks, your staff can better focus on incidents that may be material in nature. This puts more resources at ground zero should a significant cyber incident take place.

SOAR Automation

One way to automate your SOC is to implement a Security Orchestration, Automation, and Response (SOAR) solution such as Cortex XSOAR from Palo Alto Networks. Consider the experience of Sitecore, a top-tier digital experience firm recognized in Gartner’s 2022 Magic Quadrant. After implementing Cortex XSOAR, the company achieved 90% automation of security events in their SOC with an average time to fix of only nine minutes. And here's the clincher: With upwards of 45,000 events recorded each week, it only takes two analysts to manage all of Sitecore’s cyber incidents. Clearly, less is more when it comes to SOAR.

This level of automation not only showcases the power of SOAR solutions in optimizing security operations, but also underscores the potential for significant resource allocation and efficiency gains within any SOC. It isn’t just about stats, however. Sitecore also witnessed an improved investigation quality as their security analysts collaborated more closely, leading to quicker action and deeper learnings.

Threat Intelligence Management

Cortex XSOAR propels SOC environments into a new era of efficiency with features like automated phishing playbooks, vulnerability management orchestration, and cloud threat detection. For now, let’s focus on threat intelligence management (TIM). SOAR TIM utilizes threat feeds that then provide context for alerts as they arrive. While alerts are ingested, you can automatically enrich them with the latest threat intel from your feeds, giving you insightful context for how external and emerging threats impact your environment.

The TIM module in Cortex XSOAR goes a step further by automating indicator enrichment. This provides SOC analysts with advanced notice and a nuanced understanding of emergent threats, thereby empowering them to preemptively thwart potential attacks.

Threat intelligence is but one facet of SOAR, however. Palo Alto's Cortex XSOAR helps transform security operations by combining TIM with case management and real-time collaboration. This cohesive approach enables SOC teams to consolidate alerts from disparate sources, standardize operations through playbooks, act decisively on threat intelligence, and orchestrate a comprehensive automated response across a wide array of security scenarios.

Streamlining SEC Compliance With Cortex XSOAR

Cortex XSOAR emerges as a pivotal tool in helping enterprises meet stringent disclosure timelines set by these new SEC regulations. It streamlines the entire lifecycle of incident response from detection to remediation and reporting. Here's how XSOAR transforms the SOC’s capabilities, making the 96-hour reporting requirement more achievable:

  • Empowers SOC teams to manage incidents rapidly and at scale, ensuring timely action.
  • Fosters faster incident response by consolidating alerts, incidents, and indicators from numerous sources into a single pane.
  • Synchronizes threat intelligence with automated, playbook-driven responses for immediate security measures.
  • Assists analysts with decision-making support and auto-generates documentation of all actions for compliance reporting.
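The following is an added example, not WEI's code and not part of Cortex XSOAR, that models in miniature the two workflow steps discussed above: the TIM step of enriching incoming alerts against a threat feed, and the compliance step of recording every action in an audit trail and computing the four-business-day disclosure deadline once an incident is marked material. The feed entries, alerts, field names (`src_ip`, `domain`, `file_md5`) and the `Incident`, `enrich`, `add_business_days` and `mark_material` names are all constructed for this illustration; the deadline logic counts Monday-to-Friday days and ignores market holidays, which a real implementation would not.

```python
"""Added example of a SOAR-style enrich-then-document workflow.
Not WEI's or Palo Alto's code; all feed data, alerts and names are constructed."""

from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Constructed threat feed: indicator -> context an analyst wants at triage time.
THREAT_FEED = {
    "198.51.100.23": {"type": "ip", "tags": ["c2"], "confidence": 90},
    "evil-login.example": {"type": "domain", "tags": ["phishing"], "confidence": 75},
    "d41d8cd98f00b204e9800998ecf8427e": {"type": "md5", "tags": ["malware"], "confidence": 60},
}

# Constructed alerts, shaped like records a SIEM would hand to a SOAR platform.
SAMPLE_ALERTS = [
    {"id": "A-1001", "src_ip": "198.51.100.23", "domain": "", "file_md5": ""},
    {"id": "A-1002", "src_ip": "203.0.113.8", "domain": "evil-login.example", "file_md5": ""},
    {"id": "A-1003", "src_ip": "203.0.113.9", "domain": "intranet.example", "file_md5": ""},
]


@dataclass
class Incident:
    """One case: the alert it came from, feed matches, and an append-only audit trail."""
    alert_id: str
    matches: list = field(default_factory=list)
    audit: list = field(default_factory=list)      # every automated or analyst action
    material_at: Optional[datetime] = None

    def log(self, when: datetime, actor: str, action: str) -> None:
        # The audit trail is the documentation the compliance report is built from.
        self.audit.append({"time": when.isoformat(), "actor": actor, "action": action})


def enrich(alert: dict, feed: dict, now: datetime) -> Incident:
    """TIM step: look up each indicator carried by the alert against the feed."""
    inc = Incident(alert_id=alert["id"])
    for fld in ("src_ip", "domain", "file_md5"):
        value = alert.get(fld)
        if value and value in feed:
            inc.matches.append({"indicator": value, **feed[value]})
            inc.log(now, "playbook:enrich", f"matched {fld}={value} tags={feed[value]['tags']}")
    if not inc.matches:
        inc.log(now, "playbook:enrich", "no feed matches")
    return inc


def triage(alerts: list, feed: dict, now: datetime) -> dict:
    """Run enrichment over a batch of alerts; returns alert id -> Incident."""
    return {a["id"]: enrich(a, feed, now) for a in alerts}


def add_business_days(start: datetime, days: int) -> datetime:
    """Advance `days` business days (Mon-Fri only; holidays deliberately ignored).
    Note this is not the same as 24*days clock hours."""
    current, remaining = start, days
    while remaining > 0:
        current += timedelta(days=1)
        if current.weekday() < 5:          # 0..4 are Monday..Friday
            remaining -= 1
    return current


def mark_material(inc: Incident, determined_at: datetime, analyst: str) -> datetime:
    """Compliance step: record the materiality determination and the resulting
    disclosure deadline (four business days after the determination)."""
    inc.material_at = determined_at
    deadline = add_business_days(determined_at, 4)
    inc.log(determined_at, analyst,
            f"materiality determined; disclosure due by {deadline.date().isoformat()}")
    return deadline


if __name__ == "__main__":
    now = datetime(2023, 11, 17, 10, 0)            # a Friday
    cases = triage(SAMPLE_ALERTS, THREAT_FEED, now)
    due = mark_material(cases["A-1001"], datetime(2023, 11, 17, 15, 0), "analyst:jdoe")
    for case in cases.values():
        print(case.alert_id, [m["indicator"] for m in case.matches])
    print("disclosure due:", due.date())
```

Running the block marks the C2-matching alert as material on a Friday afternoon; the four-business-day clock skips the weekend and lands on the following Thursday, and the incident's `audit` list holds both the enrichment match and the materiality determination, which is the kind of action record the compliance report draws on.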

As the SEC reshapes what is expected from cybersecurity disclosures, SOCs must adapt by integrating solutions like Cortex XSOAR, not only to comply with the regulations but also to strengthen their overall security posture. To learn more about the transformative power of Cortex XSOAR, as well as other solutions and strategies to help you adapt to these new regulations, speak with a WEI cybersecurity specialist today.