SOCAutomation Announces Powerful Integration with IBM QRadar SIEM



February 6, 2017

Josh Walker

London – February 6th, 2017 – Honeycomb Technologies Limited, a leading provider of the Security Orchestration and Automation (SOA) platform SOCAutomation, is excited to announce the integration with the Gartner-leading SIEM platform, IBM QRadar. The integration applies machine learning, automation and orchestration to security analytics, as well as incident response – enabling security teams and SOCs to apply huge levels of efficiency and accuracy to their day-to-day security tasks and processes. The security team can now automate much of their security Business As Usual (BAU), typically reducing manual processes by 80%, freeing up these skilled security personnel to perform more interesting and high-value tasks for the business.
SOCAutomation seamlessly plugs into IBM QRadar and has the capability to use REST APIs to achieve several layers of automation, namely:
– Automatically reads new alerts, termed Offences, from QRadar
– Calls QRadar to perform searches aimed at adding improved security context to an alert
– Closes open offences within QRadar once they’re resolved, and can append incident notes
– Is integrated into the QRadar console as an ‘App’ – accessed via a tab in the QRadar GUI

SOCAutomation is available for download from the IBM App Exchange.

SOCAutomation rapidly adds the much-needed context to incidents, making the security analyst’s job far ‘slicker’ by delivering knowledge to their fingertips. This context includes: collating Asset/Stakeholder information from Vulnerability/Patch/CMDB/Active Directory and any other CMDB tools; searching network and end-point tooling for detailed forensics; data mining SIEMs and other Big Data stores, to name a few. Once an analyst has this rich compendium of information, they can then quickly decide to escalate the alert to an incident. The powerful levels of automation save the SOC much-needed time in getting to this stage, which means the volume of alerts can all be fully handled, and hugely increase the SOC’s processing power and accuracy.
The integration generates Run-Books to remediate incidents, based on context. These Run-Books contain step-by-step guides on how each user should best respond to incidents and include both manual and automated tasks.
The platform includes a huge library of automation use cases, fully and easily customisable to fit specific security and IT environments/technologies. An advanced Automated Security Modelling (ASM) tool enables the security analyst to cater for any automation use-case, and crucially includes a comprehensive set of common security use cases out-of-the-box.
Automators are scalable and distributed, enabling customers to run automation nearest to the relevant infrastructure or security tool being automated.

KPIs, Dashboards and Reporting

The integration enables you to measure your security incident response in real-time. Fully customisable dashboards give each user a personalised graphical representation of the data, as well as incidents and alerts relevant to them, using a fully distributed and automated reporting engine. The dashboards and reports that can be generated are listed below:
– Incidents Handled by Severity
– Incident Response Timeliness
– Open Incidents/Closed Incidents
– Incidents Utilising Most Resources
– Incidents Requiring Further Investigation
– Incident Handling Satisfaction
– Damage From an Incident
– Process Workflow
– General Mission Success
– Fire Drill Results
– Lessons Learned
– Incident Response Performance
– Incident Costs

About IBM QRadar

As IBM Security’s flagship product, QRadar is the market-leading Security Information and Event Management (SIEM) solution. By detecting anomalies, uncovering advanced persistent threats (APTs), and removing false positives, this Gartner-leading SIEM streamlines threat management and optimises your security operations – providing real-time visibility and threat scope, as well as reducing and prioritising alerts and events. After being the leading SIEM in the Gartner Quadrant for the best part of a decade, QRadar has proved to be a hugely valuable asset to global organisations, across all verticals, and there don’t appear to be any signs of this dominance grinding to a halt.


Honeycomb Technologies, based in Oxfordshire, England with international offices in London, Chicago and Hyderabad, is a market-leading pioneer of Security Automation and Orchestration (SOA), Incident Response and Task Management technologies – the flagship solution being SOCAutomation. SOCAutomation, designed for global SOCs and Information Security teams, is a platform that interweaves and orchestrates security and infrastructure technologies. SOCAutomation automates both the enrichment and investigation of security incidents, together with the mitigation process, by integrating tools and people within a security workflow.
Honeycomb SOCAutomation makes best use of a company’s existing Security investment, and shields security teams from time-consuming and laborious investigations into a multitude of point security and infrastructure solutions.
SOCAutomation’s state-of-the-art and innovative Cyber Run-Books, alongside the powerful levels of integrations, enable companies to maximise the Return on Investment (ROI) of their security expenditure. Some of the key strategic relationships for SOCAutomation include: IBM QRadar, Splunk, ArcSight, Trend Micro, Cisco, Palo Alto Networks, Carbon Black, FireEye and McAfee – as well as all the leading ticketing solutions. SOCAutomation is available as an on-premise, virtual or Software as a Service (SaaS) based offering.
