What is SOAR? A Complete Guide to SOAR Platforms


SOAR Platform Overview

A security orchestration, automation and response (SOAR) platform helps security operations (SecOps) teams automatically execute repetitive tasks, such as responding to phishing alerts and triaging SIEM or EDR alerts. It is typically used within the Security Operations Center (SOC).

Gartner defines SOAR technology as “solutions that combine incident response, orchestration and automation, and threat intelligence platform management capabilities in a single solution”. At the most basic level, there are three primary ways that SOAR works to improve SecOps outcomes:

  1. Automates incident response: SOAR security software – specifically security automation – executes a sequence of workflow tasks without human intervention. Security teams that automate incident response with SOAR shorten their mean time to resolution (MTTR). Automation also frees up analyst time for more strategic work, increasing the team’s job satisfaction and retention rates.
  2. Adds context to incident data: Security orchestration integrates disparate systems or platforms. This leads to consolidated and contextualized intelligence so that analysts can quickly…
