The NIST Cybersecurity Framework identifies five functions (Identify, Protect, Detect, Respond, and Recover) as the five primary pillars for a successful cybersecurity program. These functions focus on cybersecurity management at a high level and define both proactive (i.e., protect before the attack – or left-of-bang) and reactive (i.e., response after the attack – or right-of-bang) requirements.
SOAR (Security Orchestration, Automation, and Response) automates a right-of-bang response by analyzing information gathered from multiple solutions (for example, SIEM, IDS, or UEBA systems) in order to ascertain whether an organization has been breached. It also helps define, prioritize, and drive standardized incident response activities. SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format, often called a playbook.
Orchestra’s XIP (eXtended Identify and Protect) is the left-of-bang complement to SOAR. It is focused on continuously assessing organizational cyber risk in order to minimize, monitor, and control the probability or impact of cyber events on the organization. XIP provides a holistic approach to proactive cybersecurity operations based on actual cyber risk instead of event-driven cybersecurity operations based on perceived risk.
Orchestra’s XIP defends against lurking cyber risks by gathering cyber threat and compliance intelligence and applying it to an extended inventory of organizational assets, connectivity, and control information (also known as a cyber twin). Orchestra XIP’s unique automated purple (red and blue) team scenarios map and prioritize cyber risks and their mitigation. This unique automated purple team provides a prioritized, actionable roadmap to minimize, monitor, and control the probability or impact of cyber events on the organization before they occur.