Suspicious Logins

Imagine a situation where a coworker logs in from an unusual location using an account she doesn't typically use but with elevated access permissions. This raises concerns about potential unauthorised access or compromised credentials.

Here's how OpenSecOps SOAR handles this incident:

  1. Anomaly Detection: OpenSecOps SOAR leverages AWS' advanced machine learning capabilities behind the scenes to analyse login activity across your organisation's accounts. It detects patterns that deviate significantly from normal behaviour based on factors such as location, account usage history, and permission levels.

  2. Immediate Notification: Upon detecting this unusual login, OpenSecOps SOAR notifies both the SOC team responsible for security monitoring and the team owning the account that was accessed without authorisation or in an unexpected manner.

  3. Detailed Incident Analysis: In addition to alerting relevant stakeholders about this incident, OpenSecOps SOAR provides a comprehensive analysis of the event. The analysis includes insights into the potential risks involved, such as unauthorised access or compromised credentials, allowing teams to understand the severity and take appropriate action.

  4. Remediation Instructions with Code: Alongside the incident analysis, OpenSecOps SOAR offers step-by-step instructions on how to remediate the issue effectively. These instructions may include code snippets specific to your infrastructure setup, enabling your team to implement the necessary security measures promptly.

By leveraging AWS' built-in intelligent anomaly detection, notifying the responsible teams proactively, and providing actionable guidance with code snippets, OpenSecOps SOAR empowers organisations to respond swiftly and effectively to unusual login incidents while minimising potential security risks.

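The detection and routing steps above, shown as an added example that is not OpenSecOps code: it does not reproduce AWS' machine-learning detection, but scores the same three factors (location, account usage history, permission level) against a per-user baseline built from constructed login history and derives the two notification targets. Role names, team addresses and account names are assumed placeholders.

```python
from dataclasses import dataclass

# Assumed role names that count as elevated access (placeholders, not AWS defaults)
ELEVATED_ROLES = {"AdministratorAccess", "PowerUserAccess"}
SOC_TEAM = "soc@example.invalid"  # placeholder SOC mailbox
# Placeholder mapping from account name to the team that owns it
ACCOUNT_OWNERS = {
    "prod-payments": "payments-team@example.invalid",
    "dev-sandbox": "dev-team@example.invalid",
}


@dataclass
class Login:
    user: str
    account: str
    country: str  # ISO country code of the source IP (constructed)
    role: str


# Constructed history: what "normal" looks like for this user
HISTORY = [
    Login("alice", "dev-sandbox", "SE", "ReadOnlyAccess"),
    Login("alice", "dev-sandbox", "SE", "ReadOnlyAccess"),
    Login("alice", "dev-sandbox", "SE", "DeveloperAccess"),
]


def build_baseline(history):
    """Per-user set of previously seen countries and accounts."""
    baseline = {}
    for ev in history:
        b = baseline.setdefault(ev.user, {"countries": set(), "accounts": set()})
        b["countries"].add(ev.country)
        b["accounts"].add(ev.account)
    return baseline


def assess(login, baseline):
    """Score a new login against the baseline and decide who to notify."""
    b = baseline.get(login.user, {"countries": set(), "accounts": set()})
    reasons = []
    if login.country not in b["countries"]:
        reasons.append(f"new location {login.country}")
    if login.account not in b["accounts"]:
        reasons.append(f"account {login.account} not previously used by {login.user}")
    if login.role in ELEVATED_ROLES:
        reasons.append(f"elevated role {login.role}")
    severity = {0: "none", 1: "low", 2: "medium", 3: "high"}[len(reasons)]
    # SOC always gets notified on any deviation; the account owner is added too
    notify = [SOC_TEAM, ACCOUNT_OWNERS.get(login.account, "unknown-owner")] if reasons else []
    return {"severity": severity, "reasons": reasons, "notify": notify}
```

A login by alice into prod-payments from a new country with an elevated role scores "high" and is routed to both the SOC and the payments team.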

OpenSecOps Foundation

OpenSecOps Foundation provides an industry-standard secure system set up according to AWS cloud best practices. OpenSecOps Foundation is a turn-key solution whose components usually take years to develop from scratch. It is as suitable for startups as for enterprises with existing systems.

OpenSecOps SOAR

OpenSecOps SOAR takes your security work to the next level by providing continuous monitoring, automated incident handling and remediation of security issues. OpenSecOps SOAR actively maintains your desired security posture and saves substantial costs.

Source code:
https://github.com/OpenSecOps-Org
