It's an acronym that cries out for wordplay (SOAR above the hackers… SOAR into greater security…). But security orchestration, automation and response is a serious answer to a perilous threat environment. SOAR products collect threat information and respond to evidence of low-level threats without human intervention. They identify, prioritize and automate a security team's incident response work by coordinating the management of potential vulnerabilities, setting into motion a preplanned response to potential security incidents, and managing policy execution and reporting.
Who needs SOAR? The understaffed security team. Or put it another way: most security teams. From September 2017 through August 2018, there were over three hundred thousand job openings in the cybersecurity field. Security orchestration, automation and response tools were developed to help plug this skills gap. SOAR can handle, for instance, mundane but essential patch management tasks. A detailed list of potential uses for SOAR would not take long to compile. In this guide to security orchestration, automation and response, our expert contributor provides that and then explains in detail what SOAR can do to boost the security of an organization's systems and data.