Security Orchestration, Automation and Response (SOAR)
Introduction: What Is SOAR?
Gartner describes SOAR as the collection of disparate technologies that enable businesses to gather data and security alerts from different sources. The business can then carry out threat analysis and remediation by combining machine and human effort to define, prioritize and drive standardized Incident Response (IR) activities according to a standard workflow. Using SOAR tools, businesses define their response procedures and threat analysis steps, also known as Plays in the Security Operations Playbook, in a digital workflow format so that a variety of machine-driven activities can be automated.
SOAR combines three previously separate technology categories: security orchestration and automation, threat intelligence, and incident response.
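To make the "digital workflow" idea concrete, here is a small playbook runner written for this article (it is not code from the original post or from any SOAR product). It normalizes alerts from two constructed sources, an assumed EDR feed and an assumed SIEM feed, assigns a priority, and drives one standardized IR workflow in which low-risk steps run automatically while containment on critical hosts is held for analyst approval. All field names, indicator values and host names are invented for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Alert:
    source: str
    host: str
    indicator: str
    severity: int  # normalized 1..5 across all sources
    actions: list = field(default_factory=list)  # audit trail of playbook steps

def normalize(raw: dict) -> Alert:
    """Map vendor-specific fields (assumed names) onto one common schema."""
    if raw["vendor"] == "edr":
        return Alert("edr", raw["hostname"], raw["sha256"], raw["risk"])
    if raw["vendor"] == "siem":
        sev = {"low": 1, "medium": 3, "high": 5}[raw["level"]]
        return Alert("siem", raw["host"], raw["src_ip"], sev)
    raise ValueError(f"unknown vendor {raw['vendor']}")

def priority(alert: Alert, crown_jewels: frozenset) -> int:
    """Source severity weighted by asset criticality, capped at 5."""
    return min(5, alert.severity + (1 if alert.host in crown_jewels else 0))

def run_playbook(alert: Alert, crown_jewels: frozenset, known_bad: frozenset) -> Alert:
    """One standardized workflow: enrich, decide, then act or escalate."""
    alert.actions.append("enrich:threat_intel")      # machine-driven step
    hit = alert.indicator in known_bad
    p = priority(alert, crown_jewels)
    if not hit and p < 3:
        alert.actions.append("close:benign")         # safe to auto-close
    elif hit and alert.host not in crown_jewels:
        alert.actions.append("contain:isolate_host") # safe to automate
        alert.actions.append("ticket:open")
    else:
        alert.actions.append("escalate:analyst_approval")  # human in the loop
    return alert

SAMPLE_ALERTS = [  # constructed sample input, two different vendor schemas
    {"vendor": "edr", "hostname": "ws-042", "sha256": "ab12", "risk": 4},
    {"vendor": "siem", "host": "db-prod-01", "src_ip": "203.0.113.7", "level": "high"},
    {"vendor": "siem", "host": "ws-017", "src_ip": "198.51.100.9", "level": "low"},
]

def triage(raws=SAMPLE_ALERTS, crown_jewels=frozenset({"db-prod-01"}),
           known_bad=frozenset({"ab12", "203.0.113.7"})):
    """Run every alert through the same playbook and return the decisions."""
    return [run_playbook(normalize(r), crown_jewels, known_bad) for r in raws]

if __name__ == "__main__":
    for a in triage():
        print(a.source, a.host, a.actions)
```

The per-alert `actions` list is the documentation trail a SOC would later audit; the split between automated containment and analyst approval is where a team tunes how much dead time it is willing to trade for human review.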
In the world of cyberwarfare, cybersecurity threats are growing rapidly, and organizations struggle to protect their IT infrastructure from them. To help businesses grow, new technologies keep being introduced into IT infrastructure; securing that infrastructure, however, is a daunting task.
To deal with this problem, organizations look for security personnel and security tools as a last resort. Training and retaining these IT practitioners is also a challenging task. According to The Demisto State of SOAR Report, 2018: “it [takes] an average of 8 months to train new security analysts; despite this, a quarter of employees were likely to end up leaving within 2 years.”
The problem of hiring and training new employees can be eased with the help of SOAR tools, as they help to fill the personnel gap and make the existing workforce more productive. In addition, SOAR has become a vital part of the Security Operations Center (SOC) and enables incident resolution with the most robust documentation, highest fidelity and least dead time.
The Demisto State of SOAR Report also reveals that the research respondents accept that their SOAR solution helps (Read more...)
This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/A0rjh7GJQfQ/