Automating workflows and security responses with full operational visibility
With the advanced security orchestration, automation and response (SOAR) capabilities of Splunk SOAR, MBSD easily manages security events and cases with workbooks and visualizes them as reports. In one case, for example, the company was building a service management system for a customer to consolidate different solutions across various regions. Thanks to Splunk, MBSD achieved a stress-free operation and seamlessly integrated the system with the customer’s SOC framework.
“Although the SOAR platform we developed in-house enabled automation to a certain extent, it couldn’t take care of all types of operations,” Sekihara says. “Human-based management was sometimes required, especially when managing sensitive information since SOC and SIRT operations were not well coordinated with each other.”
It wasn’t until MBSD deployed Splunk SOAR that manual processes could be visualized on a single pane of glass, allowing security analysts to work more efficiently. To further bolster productivity and security, the company now also tracks time spent on human-to-human contact, such as phone calls and emails, and the amount of information disclosed outside the company.
In addition to automating data collection, identification, investigation and incident response, MBSD feeds threat intelligence into those automated processes according to predefined rules. This strengthens its email filters against suspicious messages and keeps real threats from slipping through the cracks.
“Splunk SOAR works smoothly with our threat intelligence system,” Sekihara says. “It reacts immediately once the threat intelligence system detects an invalid domain registration while also helping us record response history and visualize progress toward key performance indicators.”