Orchestrate Framework Controls to Support Security Operations with Splunk SOAR

Every security team should use security frameworks in its strategy and tactics to help reduce risk from common cybersecurity threats. Security frameworks guide organizations on how to develop, build, and maintain their IT security policies and procedures, while sharing best practices for meeting compliance requirements. Healthcare operations in particular face increasing regulatory scrutiny and obligations that must be met in order to remain competitive. These obligations put additional operational strain on organizations trying to stay agile in an ever-changing environment.

National Government Services is a federal health partner that leverages technology, advanced solutions, and methodologies to significantly improve operational performance for its clients. For years, it has used a security orchestration, automation, and response (SOAR) tool, Splunk Phantom, to help its clients achieve faster and better results within their IT and security operations centers (SOCs) — all while saving costs. A SOAR platform orchestrates security actions across a wide range of security products, from detection and investigation through response, and automates manual, repetitive tasks that would otherwise take hours.

Ben Hostetler, a Senior Information Security Advisor at National Government Services, shares with us how Splunk Phantom is helping their clients retain a high return on investment by reducing the mean time to resolution on some security events through automation. 

“Some of our return on investment was really built on reducing the mean time to resolution to some of these events. For instance with the RA-5 [vulnerability scan], we are now able to take the process that would take us an hour and reduce it down to maybe 10 minutes or less — from the investigation to remediation.” - Ben Hostetler

Splunk Phantom relies on a few key capabilities to help IT and security teams save time, reduce cost, and increase efficiency. Orchestration allows disparate tools to work seamlessly together. Automation reduces human error and saves time. Integrated collaboration and machine learning allow teams to communicate faster while staying focused on the mission at hand. Event and case management brings together connected artifacts and evidence for faster investigation. And lastly, dashboards and reports give stakeholders a way to understand team performance and efficiency. By using a SOAR tool, organizations can take the controls defined in security frameworks and build automated workflows around them.

Designing Automated Workflows with Frameworks in Mind

There are many security frameworks in the industry that provide different recommendations for compliance and auditing. To name a few, the Health Insurance Portability and Accountability Act (HIPAA), NIST SP 800-53, and HITRUST are all well-known standard frameworks.

Ben Hostetler shares with us the five steps his team followed to turn framework controls into manual or automated workflows:

  1. Identify the current process 
  2. Design the workflow 
  3. Develop supporting configurations 
  4. Test, test, test!
  5. Document and assess

To learn more about how to identify use cases for automation and dive deeper into the five steps of designing security workflows around framework regulations, watch the webinar “Phantom of the Opera: Using Phantom to orchestrate framework controls to support Security Operations.”

Posted by Kelly Huang

Kelly is a Security Product Marketing Specialist responsible for campaigns and go-to-market initiatives for Splunk security solutions. Prior to joining Splunk, Kelly led the GTM strategy and execution of a flagship blockchain product at BitTorrent Inc. She holds an undergraduate degree from the University of California, Los Angeles (UCLA).
