Running Your SOC Playbooks as Code: Use Cases, a.k.a. Don’t Start With Phishing
The first thing that everyone wants to do when they get their brand new SOAR out of the shrinkwrap is solve phishing. I hate to be the one to break it to you, but if we were going to solve phishing, there wouldn’t be six or so anti-phishing vendors out there right now. (Technically malware was the first computer security problem that we struck, with the Morris worm, but in terms of things that face regular users, phishing is the first problem. Paul Graham first started applying Bayesian analytics and machine learning to this stuff in the 90s, or something crazy, and we still haven’t solved it.)