Insider Insights: A CISO Perspective on the value of SOAR
Acora is a UK based, award-winning IT services and technology company with over 25 years’ experience. We provide a range of IT support and Microsoft-centric business software and cloud solutions to help mid-market organisations modernise their IT so they can compete and win in the digital economy. More than 200 clients trust us to take responsibility for part, or all of their IT from solution design to support.
Gartner’s latest report on Security Orchestration, Automation, and Response (SOAR) has ignited a heated discussion within the cyber security community. The report critiques how SOAR has not lived up to its initial hype, revealing significant shortcomings and overstated promises. It highlights how it often falls short due to the complex threat landscape and operational challenges. As a result, many organisations are struggling with high costs and disappointing returns on their SOAR investments.
Our Chief Information Security Officer (CISO), Darren Humphries, shares how Acora handles these challenges. He talks about how Acora’s approach not only addresses the shortcomings identified in Gartner’s report but also optimises SOAR effectively from both a technology and partner standpoint, all whilst making sure that it complies with realistic security needs.
Initial setup costs are addressed by defining which alert is most critical. This is done through integrated workflow intelligence and automated threat hunting built to efficiently identify attack, compromise, and phishing attempts. Analysts have all the information at their fingertips as a single package of data to work on, allowing them to handle multiple cases as one and focus senior roles on high-priority issues. We have our goals and the methodologies for how we want to achieve them and, as end users, we have that knowledge as things evolve. All lessons learned are incorporated into the playbook data, saving analysts time and money when they check out credentials, enter systems and metricate them.
To lower continuous maintenance and support expenses, Acora employs a well-structured team of analysts and detection engineers. For every 100 L2 analysts in the world, there is one good detection engineer, which guarantees the support and expertise required to enhance detection capabilities. This setup is similar to that of a racing car driver and technician, where a thorough knowledge of the system enhances overall performance.
As an outsourced provider, Acora offers a flexible service model that incorporates SIEM and SOAR platforms. With this setup, we cater to 84 clients with up-to-date threat intelligence. By utilising crowdsourced intelligence from our partners and customers, we have the ability to enhance our SOAR and SentinelOne platforms without the need for specialised personnel or analysts with extensive coding skills.
Acora excels at integrating third-party connections and customised tools to improve and integrate primary security processes. Whilst SOAR systems are central to the workflow, additional tools like Tenable Nessus are used for specific tasks, ensuring that the best resources are available for each need, thus avoiding disillusionment with unrealistic expectations of SOAR as a standalone solution. Rather than replacing the current systems, we concentrate on improving the main use cases.
SOAR systems are tools meant to support human decision-making, not a replacement for existing security solutions. Acora’s service architecture is centred on improving these tools to support human intervention and decision-making processes as opposed to resolving every security issue on its own.
Acora ensures that its SOAR system stays current with changes in hacker tactics, techniques, and procedures (TTPs) by using it as a central workflow system to guide analyst activities and priorities. Whilst SOAR enhances security operations, it does not replace essential tools like SIEM or cloud systems. Rather, it complements them, similar to how a Swiss Army knife has various tools for different tasks. The key is understanding and using each tool for its intended purpose, avoiding misconceptions about SOAR’s purpose in the broader security ecosystem.
Despite Gartner’s concerns about the decline of SIEM and SOAR, we actively maintain and make use of these tools by rigorously testing them, engaging with customers, and applying innovative approaches from Picus and detection engineering to ensure they remain relevant and up-to-date. We collaborate with our ecosystem partners and utilise top-tier tools and training to support our hybrid models, including SOCaaS. Acora’s proactive strategies and innovative models address the evolving challenges of SOAR systems, ensuring that they provide top-tier security services and maintain resilience against emerging threats.