Security Orchestration, Automation, and Response (SOAR) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events without human intervention. The goal of using a SOAR platform is to improve the efficiency of physical and digital security operations.
Security orchestration connects and integrates different internal and external tools through built-in or custom integrations and application programming interfaces (APIs). Connected systems may include vulnerability scanners, endpoint protection products, end-user behavior analytics, firewalls, intrusion detection and intrusion prevention systems, and security event and incident management (SEIM) platforms, as well as external threat intelligence feeds.
Security automation, fed by the data and alerts collected through security orchestration, consumes and analyzes that data and turns manual work into repeatable, automated processes. Tasks previously performed by analysts, such as vulnerability scanning, log analysis, ticket checking, and auditing, can be standardized and executed automatically by SOAR platforms. Using artificial intelligence (AI) and machine learning to learn from and adapt the decisions analysts make, SOAR automation can make recommendations and automate future responses. Where human intervention is needed, automation can instead escalate the threat to an analyst.
Security response offers a single view for analysts into the planning, managing, monitoring, and reporting of actions carried out once a threat is detected. It also includes post-incident response activities, such as case management, reporting, and threat intelligence sharing.
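The three components above (orchestrating tool integrations, automating triage, and escalating to an analyst when the platform cannot decide on its own) can be illustrated with a small playbook. The following is an added example written for this glossary entry; it is not CyberHoot's code nor any vendor's SOAR API. The threat-intel feed, the firewall and EDR connectors, and the alert values are all constructed stand-ins, and the score thresholds are assumptions chosen for the example.

```python
"""Minimal SOAR-style playbook: orchestrate (mock) tools, automate triage,
and escalate to a human when confidence is insufficient.

Added illustrative example; every integration and data value below is a
constructed stand-in, not a real product API or real indicator.
"""
from dataclasses import dataclass, field


@dataclass
class Alert:
    alert_id: str
    source: str      # originating tool, e.g. "ids" or "edr" (constructed labels)
    host: str        # internal host the alert was raised on
    indicator: str   # remote IP observed in the alert
    severity: str    # "low" | "medium" | "high"


@dataclass
class Case:
    alert_id: str
    decision: str                 # "auto_contained" | "escalate" | "closed_benign"
    risk_score: int
    actions: list = field(default_factory=list)   # orchestration log (what tools did)
    notes: list = field(default_factory=list)     # enrichment and analyst-facing notes


# Constructed threat-intel feed: indicator -> reputation score (0-100).
# Documentation-range addresses (RFC 5737); nothing here is a real IoC.
THREAT_INTEL = {
    "198.51.100.7": 95,   # "known C2", high confidence (constructed)
    "203.0.113.42": 55,   # low-confidence sighting (constructed)
}


class FirewallConnector:
    """Stand-in for a firewall integration reached over an API."""
    def __init__(self):
        self.blocked = set()

    def block_ip(self, ip):
        self.blocked.add(ip)
        return f"firewall: blocked {ip}"


class EdrConnector:
    """Stand-in for an endpoint protection integration."""
    def __init__(self):
        self.isolated = set()

    def isolate_host(self, host):
        self.isolated.add(host)
        return f"edr: isolated {host}"


def risk_score(alert, intel):
    """Automation step: combine alert severity with threat-intel reputation."""
    sev = {"low": 10, "medium": 30, "high": 50}[alert.severity]
    rep = intel.get(alert.indicator, 0)
    return min(100, sev + rep)


def run_playbook(alert, firewall, edr, intel=THREAT_INTEL,
                 auto_threshold=80, escalate_threshold=40):
    """Orchestrate enrichment, decide, then either act automatically,
    hand the case to an analyst, or close it as benign."""
    case = Case(alert.alert_id, decision="", risk_score=risk_score(alert, intel))
    case.notes.append(
        f"enriched {alert.indicator}: reputation={intel.get(alert.indicator, 0)}")
    if case.risk_score >= auto_threshold:
        # High confidence: contain without waiting for a human.
        case.actions.append(firewall.block_ip(alert.indicator))
        case.actions.append(edr.isolate_host(alert.host))
        case.decision = "auto_contained"
    elif case.risk_score >= escalate_threshold:
        # Ambiguous: the platform escalates rather than acting on its own.
        case.decision = "escalate"
        case.notes.append("assigned to analyst queue for manual review")
    else:
        case.decision = "closed_benign"
    return case


if __name__ == "__main__":
    fw, edr = FirewallConnector(), EdrConnector()
    for a in (Alert("A-1", "ids", "ws-07", "198.51.100.7", "high"),
              Alert("A-2", "edr", "ws-12", "203.0.113.42", "low"),
              Alert("A-3", "ids", "ws-03", "192.0.2.9", "low")):
        c = run_playbook(a, fw, edr)
        print(c.alert_id, c.decision, c.risk_score, c.actions, c.notes)
```

The point of the structure is that the connectors are the orchestration layer, `risk_score` and the threshold logic are the automation layer, and the `Case` object with its action log and notes is what the response view in the next paragraph would display. Raising `auto_threshold` makes the platform escalate more and act less, which is the usual starting posture when a playbook is first deployed.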
SOAR is not a silver bullet technology, nor is it a standalone system. SOAR platforms should be part of a defense-in-depth security strategy, especially as they depend on input from other security systems to detect threats successfully. It is also important to have CyberHoot's recommendations in place, listed below:
Start building your robust, defense-in-depth cybersecurity plan at CyberHoot.
Related Terms:
Security Operations Center (SOC)
Security Event and Incident Management (SEIM)