Glossary Term

Security orchestration, automation, and response (SOAR)

SOAR (security orchestration, automation, and response) is a system designed to alleviate the stressors on cybersecurity teams by allowing them to automate key cybersecurity tasks, integrate cybersecurity tools, and more.

By IT Brew Staff


Definition:

SOAR (security orchestration, automation, and response) is a system for automating and coordinating cybersecurity tools and responses. At the core of SOAR is a console that an organization’s security operations center (SOC) can use to integrate the cybersecurity tools involved in cyberattack detection and prevention, as well as automate key parts of cybersecurity workflows that ordinarily drain time and resources from cybersecurity professionals.

The “orchestration” part of SOAR focuses on unifying the SOC’s data and tools to address threats. “Automation” is mostly concerned with automating tedious cybersecurity workflows, particularly those that previously relied on the manual use of multiple tools. Last but not least is “response”: once automation and orchestration have freed up enough bandwidth, cybersecurity teams can respond more efficiently to rising threats.

In its ideal state, SOAR should incorporate threat intelligence, automated security-alert monitoring, pre-built workflows, and scalable infrastructure, among other features. This combination can make cybersecurity teams more efficient and flexible when responding to a rapidly evolving threat environment, so they can squash threats more quickly. With SOAR, the SOC can also adopt workflows that allow it to share cybersecurity information in a more transparent manner with other organizational stakeholders.