Security orchestration, automation and response (SOAR) is receiving more and more print these days—and with good reason.
The advances that SOAR offer are particularly relevant to healthcare because patient data is some of the most valuable data—to hackers—that there is. At the same time, healthcare organizations often operate highly distributed systems and networks, making them particularly vulnerable to attack.
First of all, SOAR is not security information and event management (SIEM), although SOAR can be seen as an enhancement to SIEM. SOAR goes further than SIEM by improving case management and reactivity of security personnel.
Any single hospital may, by itself, have 20 to 30 security products. The fundamental purpose of these products is to find and eliminate threats. That goal is quickly obscured by the sheer volume of alerts, the complexity of having so many products, and by security engineers having to manage such an infrastructure.
Here is how SOAR helps:
More subtly, SOAR can help with healthcare’s ongoing security labor shortage. As threats become more complex, the time it takes for people to process, analyze and respond to those threats increases. One of the fundamental benefits of SOAR is that it allows security staff to focus less on repetitive tasks and more on digital surveillance and threat hunting.
With SOAR tending to the tedium, healthcare organizations are better positioned to retain valuable security staff by allowing them to focus on more challenging and interesting work.
For more information about cybersecurity in healthcare, visit https://atos.net/en/industries/healthcare.
Source: Read Full Article