Revelstoke Security emerged from stealth today with a security orchestration, automation, and response (SOAR) platform that automates analysis, optimizes workflows, and helps analysts get to the root of incidents quickly and effectively.

SOAR refers to a class of technologies that automate security workflows and manual tasks using playbooks. Security operations centers (SOCs) typically rely on SOAR for threat monitoring and detection, threat intelligence, incident response, and threat hunting. Potentially everything can be automated in a SOC, but Revelstoke’s focus has been on helping analysts focus on monitoring and detecting incoming threats and responding to them when human intervention is required, says Josh McCarthy, co-founder and chief product officer of Revelstoke. Automating tedious SOC tasks, such as coding or looking up hashes and URLs to find out if they are malicious, will free analysts to focus on other high-priority tasks.

However, traditional SOAR tools tend to require a significant amount of programming capabilities, making them out of reach to most organizations other than large enterprises.

To overcome this limitation, Revelstoke is introducing a no-code interface to its platform to make it possible for non-developers to create automations. CISOs can automate what they want and customize existing workflows without having to write code just to achieve basic functionality or worry about downtime, McCarthy says. No-code and low-code playbooks automate information gathering, escalations, closures, and post-mortem reporting.

For example, organizations can simplify tasks such as switching detection technologies without having to write any code, the company says. With many SOAR tools, switching from point technology to another requires having to “completely tear it down and build from scratch in Python,” Revelstoke CEO Bob Kruse says in a release. The company’s Unified Data Layer creates an abstraction layer that normalizes data and actions so that vendors can be swapped without having to completely redo the workflows. The analyst can browse through the library of installations and drag-and-drop the playbook associated with that particular product into their environment.

Revelstoke has raised more than $13 million in Series A funding from ClearSky Ventures, Crosslink Capital, and Rally Ventures Management. Read more from Revelstoke.

Source: www.darkreading.com