Swimlane, the leader in low-code security automation, is pleased to announce it’s the recipient of the Platinum 2022 ‘ASTORS’ Homeland Security Award from American Security Today for its Security Orchestration, Automation and Response (SOAR) solution, Swimlane Turbine.
American Security Today’s Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program and continues to recognize industry leaders of Physical and Border Security, Cybersecurity, Emergency Preparedness – Management and Response, Law Enforcement, First Responders, as well as federal, state and municipal government agencies in the acknowledgment of their outstanding efforts.
The Annual ‘ASTORS’ Awards Program is specifically designed to honor distinguished government and vendor solutions that deliver enhanced value, benefit, and intelligence to end-users in a variety of government, homeland security, enterprise, and public safety vertical markets.
“‘ASTORS’ nominations are evaluated on their technical innovation, interoperability, specific impact within the category, the overall impact to the industry, relatability to other industry technologies, and application feasibility outside of the industry,” said AST’s Publisher, Michael J. Madsen.
The Importance of Low-Code SOAR for Government Agencies
To combat the growing threat landscape, the Biden Administration issued a series of Executive Orders (EO) which seek to improve the nation’s cybersecurity posture. Government agencies are now mandated to implement specific cybersecurity standards by the end of the Fiscal Year (FY) 2024. Specifically, all U.S. Government agencies are now required to move towards zero trust cybersecurity principles. SOAR is one of the required technologies.
EOM-21-31, issued on January 26, 2022, goes into detail about the specific timelines and expectations for the mandate for the maturing of SOAR. The order outlines a three-phase approach that requires the planning and implementation of standardized logging as well as orchestration, automation and response across all government agencies within 24 months.
Download the white paper: Meeting Executive Order M-21-31 for SOAR.
Above: The timeline set out in the Executive Order relating to the Logging Orchestration, Automation, and Response.
It’s clear that government agencies need SOAR as a part of their security operations center (SOC). But why is Swimlane Turbine so important for these agencies?
Respond to More Alerts: Security teams receive upwards of 10,000 alerts per day. There is simply no way for the Department of Defense (DoD), civilian agencies, or large enterprises in the private sector to handle the volume of security alerts. Turbine automates the repetitive, time-consuming tasks at machine speed to free up SecOps teams to triage bigger threats.
Address Staffing Shortages: 86% of cybersecurity job postings attract fewer than 10 applicants today. Cybersecurity hiring would need to increase by 41% in the United States to fill this gap. The pressure of alert overload, disconnect tools and complex processes puts extra pressure on understaffed security teams. Turbine helps security teams respond to more threats faster, without the need to hire more staff.
Implement Zero Trust Architecture: Adopting Zero Trust security principles is the most urgent mandate that federal agencies face today. To implement a Zero Trust architecture by 2024, security automation is the only answer. Turbine also makes it easier to maintain regulatory requirements and compliance standards across sectors.
What does a SOAR platform do?
A SOAR platform is a solution that automates security processes to make them more efficient and effective. The term “SOAR” stands for Security Orchestration, Automation and Response, which are three of the primary focuses of a SOAR platform.
Security Orchestration: Orchestration ingests information in real-time, analyzes it and makes a determination (e.g. risk, severity, etc.). Then, it uses that information to make updates and changes, or take action in multiple disparate systems simultaneously in real-time.
Security Automation: Automation is the ability to do the work of a person without the need of that person. The goal of automation is to remove the burden on people to process the endless amount of data that is generated every day by security tools.
Response: Response is the ability to take mitigative steps to prevent or thwart a security breach. The goal of response, especially the automated type, is to respond as quickly as possible to malicious activity across the environment to reduce the potential impact of malicious actors.
Ensure Compliance with NIST Standards
The National Institute of Standards and Technology (NIST) has released a set of standards that are intended to help the federal government address the security of its data. These standards ensure that agencies are properly protecting data. However, NIST standards can be difficult to implement — particularly for agencies not leveraging automation.
In order to meet the Executive Order, any Orchestration, Automation and Response capabilities must comply with NIST requirements for Incident Response outlined under 800-61 Revision 2. This means that the methodology used to respond to logging alerts will require the NIST process of:
-
Coordination
-
Preparation
-
Detection & Analysis
-
Containment, Eradication, & Recovery
-
Post-Incident Activity
The ability to meet the 800-61 guidelines can be difficult for teams relying on highly-manual processes. Meeting both the 800-61guidelines and the Executive Order is now impossible to adhere without the proper tooling.
One way to ensure compliance with NIST standards is by using low-code security automation platforms, like Swimlane Turbine. Turbine’s powerful case management system enables security teams to easily follow both industry best practices, as well as the NIST methodology for incident response. Turbine manages all of the important information about a case, as well as guides users through the NIST framework.
Turbine’s case management provides organizations with a full audit trail of every action and decision within the SOC. Centralized case management serves as a system of record for future analysis, reporting and decision-making. In all, this satisfies most of the demanding compliance requirements government entities face.
Why Government Agencies Choose Swimlane
Multiple U.S. government agencies rely on Swimlane low-code security automation to support their security operations. Turbine’s low-code automation engine helps security leaders tackle the toughest challenges related to Zero Trust, including:
-
Centralizing siloed security tools
-
Integrating new and legacy systems in alignment with zero trust principles
-
Retaining and hiring qualified staff
Protecting government entities is no small feat. To equip agencies with the most support possible, Swimlane partners with industry leaders to maximize the power of low-code security automation. For example, Swimlane partners with Merlin Cyber to help public-sector customers overcome major SOC challenges, like adopting Zero Trust strategies.
“The adoption of Zero Trust strategies is most effective when carried out in conjunction with security automation. As government agencies seek to take more extensive steps to secure their attack surface and maximize incident response, Swimlane’s platform being flexible enough to support use cases beyond traditional SOAR makes it a significant asset.” – Miguel Sian, Senior VP of Technology at Merlin Cyber
Real-life Results with Swimlane
Before adopting Swimlane, one of the most significant US protection agencies faced major challenges. Obstacles included a security-cleared analyst shortage, an ever-changing threat landscape, and increased risk that stemmed from the adoption of cloud infrastructure.
Within the first year of implementation, Swimlane improved the agency’s security ROI in several areas. Results included:
-
Reduced response times by 75-90% for certain routine types of threats
-
Increased overall staff efficiency by 50%
Analysts were able to focus on more advanced, action-centric roles such as incident response and forensics. It helped overcome operational talent shortages and staff burnout while maintaining both talent and institutional knowledge.
Read the full case study: How an U.S. Government Agency Improves SecOps with Swimlane.
The Platinum 2022 ‘ASTORS’ Homeland Security Award from AST further highlights Swimlane’s ability to elevate security teams in these vital sectors. Government, homeland security, enterprise, and public safety vertical markets can rely on Swimalne Turbine to improve the efficiency and effectiveness of their security operation.
Datasheet: Swimlane Turbine Platform Overview
The future of security automation has arrived. Download the platform overview that highlights Swimlane Turbine features and capabilities. Learn about Turbine’s Active Sensing Fabric, Autonomous Integrations, Adaptable Playbooks, and how it becomes the system of record for security.