WorkCover Queensland is seeking respondents for Security Orchestration, Automation and Response (SOAR) solution.

WorkCover wishes to invest in SOAR capabilities to connect disparate security solutions and create a control plane for its SOC environment to drive efficiencies in the following ways:

• Alert triage and prioritization:
• The ability to take alert inputs from different sources and apply a process of data enrichment and correlation. With a goal to produce accurate incidents that deserve genuine attention from security analysts.
• Orchestration and automation:
• Allow WorkCover security analysts the ability to orchestrate and automate horizontal “processes” across a number of solutions e.g., coordination of workflows with manual and automated steps.
• Case management and collaboration:
• Provide canned resolution to defined responses, including activities such as ticket creation in an IT service desk application or a response via another security control, such as blocking a domain name or IP address by changing a firewall rule. This functionality will significantly improve analyst effectiveness.
• Dashboard and reporting:
• Provides the analysts the ability to aggregate security telemetry that allows an understanding of the SOC’s situation, the evolution of incident response processes, and performance results and can be used for reporting to varying audiences rather than gathering reporting information from different discrete consoles across the environment.
• Operationalisation of threat intelligence and investigation:
• Adding context, mechanisms, indicators, implications, and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding WorkCover’s response to that threat.

The opportunity exists for WorkCover to drive efficiency into the SOC Incident Detection and Response processes primarily through the quantifiable reduction of human effort throughout the lifecycle. Please review the Expression of Interest document for detailed information on the known requirements.