Our vision for Cloud SOAR and the future

After a couple of hard-working months full of exciting strategic discussions following the acquisition of DFLabs by Sumo Logic that was concluded this May, we are surely moving forward and laying the groundwork for the future of our Cloud SOAR as a part of Sumo Logic’s Modern SOC Strategy.

While we’re already delighted with the success our Cloud SOAR has achieved so far, our goal to be at the forefront of the cybersecurity industry leaves no room for dwelling on past achievements and forces us to always have one eye set on the future.

Considering the preeminent role of SOAR in the modern SOC and SecOps ecosystem, Dario Forte, founder and CEO of DFLabs and current VP and General Manager of Orchestration and Automation at Sumo Logic, shares his insights and vision for the future of Cloud SOAR.

Top challenges faced by SOC teams and the need for reinvention

We are aware that real-time data analytics, machine learning, and AI-enhanced automation are driving the continuous evolution of cybersecurity. Organizations are hastily embracing the new age of rapid digitization. However, as the digital transformation leads to new revenue streams, it also brings forth new security challenges and vulnerabilities that must be addressed.

To stay one step ahead of malicious actors, security leaders must reinvent traditional processes and adapt to the new dynamics posed by the evolution of digital transformation. And, to successfully protect the increasing volumes of data, CISOs will have to leverage modern, cloud-native security solutions that overcome the barriers set by obsolete technologies and processes.

Today, the biggest challenges SOCs are facing are:

• Increasing volume of security alerts

• Management of numerous, siloed security tools

• Competition for skilled analysts and lack of knowledge transfer between analysts

• Budget constraints

• Increasing cost of security incidents

• Growing legal and regulatory compliance requirements

Overcoming legacy SOAR challenges with Cloud as the normalizer

Modern, cloud-native services ensure that computing requirements are distributed across instances for optimal operation by maintaining each customer's optimized and separate workload. Customers can experience optimal performance through constant monitoring and refinement of availability, resource utilization, and backup processes.

The future of Cloud SOAR: increasingly open approach

We envision a future where Cloud SOAR plays a central role as a driving force in modern SOCs and beyond. The core capabilities of Cloud SOAR that revolve around automation, orchestration, and SecOps dashboards will continue to sprout deeper roots in the cybersecurity industry. As time goes on, we are optimistic that more and more CISOs and security leaders will realize that automation is not a luxury but a necessity.

We expect analysts to increasingly rely on information gathered in an automated way and focus their efforts on using the learnings to better understand the situation and respond effectively to threats.

Cloud SOAR will evolve to constant refinement and adjustments to stay ahead of the evolving threat landscape, while addressing the needs of our customer base. We anticipate significant enhancements such as:

• Enhanced data scalability

• Improved Open Integration capabilities

• Machine learning-driven automation and recommendations

• Delivering real-time insights and shared intelligence

• Addressing more non-cyber use cases

Our target is to continue to perfect Cloud SOAR and offer SOC teams a more refined, flexible, and easily customizable solution that will protect their premises both on-cloud and off. Cloud SOAR will continue to evolve in the same way it has been evolving until now - with one eye set on innovation and the other set on optimizing its current set of capabilities.

Cloud SOAR fits nicely into Sumo’s Modern SOC Strategy

Our vision fully aligns with Sumo Logic’s long-term plans. As Sumo Logic continues to offer best-in-class security solutions, the addition of Cloud SOAR ( formerly-known as IncMan SOAR) fits perfectly like a piece into Sumo’s Security Intelligence portfolio.

Sumo Logic’s Continuous Intelligence Platform focuses on cloud-native security solutions. Given that the goal is to help our customers to make well-informed, data-driven decisions based on real-time analytics and insights, Cloud SOAR is the perfect augmentation to Sumo Logic’s Cloud Security Monitoring and Analytics and Cloud SIEM solutions.

Cloud SOAR is deemed as the driving force of the next-gen, modern SOC

The proud history of Cloud SOAR is based on the premise that Cloud SOAR paves its own road in pursuit of excellence in the cybersecurity industry. The multiple patents received for our innovations and the myriad of contributions invested into SOAR technology speak volumes of our achievements to date.

Our expectations for the future of Cloud SOAR and its close collaboration with Cloud SIEM

We consider it as the perfect marriage. Sumo Logic Cloud SIEM automatically triages and converts security alerts into Insights, which are actionable hi-fidelity alerts, and Sumo Logic Cloud SOAR takes over from the Insights. Customers that have both solutions can improve their incident response plans by optimizing and automating Standard Operating Procedures. The implementation of security automation creates a balance in the SOC environment, allowing security professionals to keep doing what they do best, minus the repetitive, low-value, and time-consuming tasks delegated to automation.