Tufin SecureTrack+, SecureChange+ and Enterprise provide customers with a fine-grained view of the security and compliance posture of their network security devices, along with application context and the ability to automate change management to remediate risky configurations. Beyond using Tufin for intelligent network access management, a popular extended use case is SOAR playbook enrichment.
Tufin enriches SOAR playbooks with its unmatched network topology and connectivity intelligence. Network access, path analysis, compliance status, device inventory and blast radius are some of the use cases that Tufin makes available as playbooks to IBM Security SOAR, enabling security analysts to correlate and view incidents from the viewpoint of the network.
The IBM QRadar playbooks help reduce manual back-and-forth incident response steps across third-party orchestration and automation tools. Tufin provides network context to further reduce manual back-and-forth analysis and improve dynamic playbooks.
Proper context is vital for reliable automated workflows and decision making. Unreliable or incomplete contextual information gathered during the triage and investigation stage of an incident can lead to weak decisions, resulting in loss of efficiency or, worse, a potential security incident remaining undetected. The dynamic nature of today’s modern enterprises means that static network documentation, such as spreadsheets of configuration databases, is inefficient and obsolete by the time it is used in a production environment.
Manually scoping potential security incidents across a hybrid, heterogeneous infrastructure is tedious and nearly impossible. Tufin enables teams to build topology maps that detail connectivity across an entire hybrid network. The map shows source-to-destination traffic routes, which Tufin uses to determine whether the traffic is permitted by policy. Automated workflows escalate higher-risk events so security teams never waste their time on what could be automated.
Tufin provides network topology and connectivity intelligence to improve the accuracy of the criteria that trigger a workflow. For example, if there is an alert because malware was detected on a server, Tufin network data can provide context to determine urgency and potential impact. If the server is not exposed to the Internet, that might be a lower priority than compromises on machines that are exposed to the Internet. Likewise, Tufin can provide connectivity intelligence to identify all systems that the compromised server has access to.
IBM Security SOAR is a security orchestration and automated response solution (SOAR). It consolidates case management, automation, real-time collaboration and the management of threat intelligence to serve security teams throughout the incident lifecycle.
IBM Security SOAR has repositories on GitHub that feature content packs, Python APIs, reference documentation, and more.
IBM Security SOAR also enables security teams to:
Tufin has the broadest ecosystem of API integrations, including the major SOAR platforms, SIEM solutions, vulnerability management tools such as Tenable, ITSM solutions for end-to-end automation such as ServiceNow, and more.
Only Tufin provides automation and a unified security policy, from on-prem to cloud, across NetSec and DevOps.