SOAR
Security Orchestration Empowers Your SOC
Six steps to smarter, more efficient security operations with SOAR.
Security operations teams are incredibly resource constrained, with more being asked of them each day as cyber threats proliferate.
Security orchestration enables security operations teams to realize their full potential and get more from their existing staff and technologies.
Security orchestration is built on six pillars to help teams make more informed decisions, formalize workflows and automate incident response actions – all while getting the most out of their existing security tools:
- Context enrichment
- Playbook automation
- Interactive investigation
- KPI business intelligence
- Case management
- Collaboration
What is Security Orchestration?
Security orchestration is the process of integrating a disparate ecosystem of SOC tools and processes to automate tasks for simpler, more effective security operations.
Security operations teams typically have dozens of security tools in place to prevent, detect and remediate threats. But if these technologies and resources aren’t fully integrated into a unified ecosystem, the results are inefficiencies, heightened security risk and lower employee morale.
Security orchestration solves these problems by creating harmony between processes and technologies, so that most day-to-day SOC tasks can be completed from a single console.
Security Orchestration vs Security Automation
Security orchestration and security automation are closely related terms, but it is important to understand the differences between them.
Security orchestration integrates cybersecurity processes and tools into a unified whole in order to streamline a range of security operations tasks. Security automation accomplishes many of these tasks with machines, freeing up human analysts for other priorities.
Instead of using these terms interchangeably, it is more accurate to think of security automation as one component of a comprehensive security orchestration strategy.
SOAR: Convergence of Three Technologies (SIRP, SOA and TIP)
Security Incident Response Platforms (SIRPs)
- Case/incident management
- Workflows
- Incident knowledgebase
Security Orchestration and Automation (SOA)
- Integrations
- Play/process/workflow automation
- Playbook management
Threat Intelligence Platforms (TIPs)
- TI aggregation, curation and distribution
- Alert enrichment
- TI visualization
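To make the convergence concrete, the following is an added example (not code from the page or from any SOAR product) of what the three functions look like when wired together in one small playbook: a TIP-style indicator store is consulted to enrich an alert, a playbook scores the result and chooses between automated containment, escalation to an analyst for interactive investigation, or auto-closure, and each outcome is recorded as a case so the automation rate can be reported as a KPI. The indicators, alerts, confidence thresholds, action names and internal network ranges are all constructed assumptions.

```python
"""Minimal SOAR-style playbook: TIP enrichment -> playbook decision -> case record.

Added illustration, not code from the page or any SOAR product. Indicators,
alerts, thresholds and action names below are constructed for the example.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# --- TIP: aggregated and curated indicators (constructed sample data) ---
THREAT_INTEL = {
    "ip": {
        "198.51.100.23": {"confidence": 90, "tags": ["c2"]},
        "203.0.113.7": {"confidence": 40, "tags": ["mass-scanner"]},
    },
    "sha256": {
        "d2b3f1c0" * 8: {"confidence": 95, "tags": ["ransomware"]},
    },
}
# Internal ranges (assumed) are never looked up against external intel; doing so
# is a common source of noisy or contradictory enrichment.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Playbook thresholds (assumed values).
CONTAIN_AT = 80    # confidence >= 80: automated containment
ESCALATE_AT = 30   # 30..79: hand to an analyst; below that: auto-close


@dataclass
class Alert:
    alert_id: str
    host: str
    src_ip: str
    file_sha256: Optional[str] = None


@dataclass
class Case:
    """SIRP-style case record produced for every alert, closed or not."""
    alert_id: str
    severity: str
    status: str
    actions: list = field(default_factory=list)
    enrichment: dict = field(default_factory=dict)
    automated: bool = False   # True when no analyst time was needed


def enrich(alert: Alert) -> dict:
    """Context enrichment: attach TIP verdicts for each observable in the alert."""
    hits = {}
    if not any(ip_address(alert.src_ip) in net for net in INTERNAL_NETS):
        ti = THREAT_INTEL["ip"].get(alert.src_ip)
        if ti:
            hits["src_ip"] = ti
    if alert.file_sha256:
        ti = THREAT_INTEL["sha256"].get(alert.file_sha256.lower())
        if ti:
            hits["file_sha256"] = ti
    return hits


def run_playbook(alert: Alert) -> Case:
    """Playbook automation: enrich, score, then contain, escalate or close."""
    hits = enrich(alert)
    score = max((h["confidence"] for h in hits.values()), default=0)
    if score >= CONTAIN_AT:
        actions = [f"isolate_host:{alert.host}"]
        if "src_ip" in hits:          # only block an IP the intel actually flagged
            actions.append(f"block_ip:{alert.src_ip}")
        return Case(alert.alert_id, "high", "open", actions, hits, automated=True)
    if score >= ESCALATE_AT:
        # Interactive investigation: open the case for a human, change nothing.
        return Case(alert.alert_id, "medium", "open", ["assign:analyst"], hits)
    # No credible intel: close automatically but keep the record for reporting.
    return Case(alert.alert_id, "low", "closed", ["auto_close"], hits, automated=True)


def kpis(cases: list) -> dict:
    """KPI business intelligence: share of alerts handled with no analyst time."""
    total = len(cases)
    automated = sum(1 for c in cases if c.automated)
    return {
        "total": total,
        "escalated": total - automated,
        "automation_rate": round(automated / total, 2) if total else 0.0,
    }


if __name__ == "__main__":
    sample = [  # constructed alerts
        Alert("A-1", "ws-017", "198.51.100.23"),
        Alert("A-2", "ws-018", "203.0.113.7"),
        Alert("A-3", "ws-019", "10.0.4.9", file_sha256="d2b3f1c0" * 8),
        Alert("A-4", "ws-020", "192.168.1.50"),
    ]
    cases = [run_playbook(a) for a in sample]
    for c in cases:
        print(c.alert_id, c.severity, c.status, c.actions)
    print(kpis(cases))
```

The point of the internal-range check in `enrich` is the kind of caveat a real playbook needs: an alert whose source is an internal host (A-3) still gets contained because its file hash is flagged, but the playbook does not emit a `block_ip` action for a private address it never looked up.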