In the never-ending fight against cyber criminals, effective SOAR playbooks are one of the most valuable weapons in a security team’s arsenal. Whether they’re pre-built by the SOAR vendor, or honed over time based on internal experience, playbooks can standardize effective responses to common incident types. The best playbooks free up resources through automation while minimizing human error and accelerating the speed of action across the environment.
We recently published a whitepaper titled The Top SOAR Playbooks You’ll Need in 2022, which you can download here. In that whitepaper, we break down three playbooks that we think will be especially valuable in the near future. Of course, picking just three leaves a lot of important use cases on the cutting-room floor. So in this blog, we’ll look at two important playbooks that didn’t make the cut: ransomware and cryptojacking.
Ransomware should be top of mind for every organization, with healthcare, government, and manufacturing among the most frequently targeted industries. Because a ransomware attack usually starts with social engineering, it is very hard to eliminate the risk of ransomware entirely. That’s why you need an efficient playbook to analyze potential ransomware and orchestrate a rapid response to contain it.
D3’s out-of-the-box ransomware playbook is based on NIST guidelines, ensuring proven best practices are applied throughout. The playbook quickly enriches potential ransomware events to assess their risk, determines the extent of the incident, and automates response actions across the environment.
It’s not as common a use case as the ones that made our top three, but cryptojacking is an increasingly big headache in the world of cloud security. If you’re not familiar with the term, it refers to adversaries remotely hijacking a machine to “mine” cryptocurrency. As the value of cryptocurrencies like Bitcoin has grown, it has become quite lucrative for hackers to co-opt a company’s machines to conduct resource-intensive mining.
In order to respond to potential cryptojacking incidents, you need to be able to integrate your cloud infrastructure with your security tools. With D3, you can integrate your cloud and on-premises stacks into one unified system.
If you want to learn which playbooks made our top three, you can download our new whitepaper, The Three Playbooks You’ll Need in 2022, here. In that whitepaper, we go step by step through the workflows that are must-haves for security teams looking ahead to 2022. Also check out our latest resource, The Top 3 SOAR Playbooks You’ll Need in 2023, for ideas on how you can use automation in ways you might not have considered. For more SOAR playbook examples, check out this page, which highlights the top SOAR use cases, and this round-up of SOAR playbooks on our blog.