Security orchestration
Security orchestration, automation and response, or SOAR, is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance. The goal of using a SOAR platform is to improve the efficiency of physical and digital security operations.
SOAR platforms have three main components: security orchestration, security automation and security response.
Security automation
Security automation, fed by the data and alerts collected from security orchestration, ingests and analyzes data and creates repeated, automated processes to replace manual processes. Tasks previously performed by analysts, such as vulnerability scanning, log analysis, ticket checking and auditing capabilities, can be standardized and automatically executed by SOAR platforms. Using artificial intelligence (AI) and machine learning to decipher and adapt insights from analysts, SOAR automation can prioritize threats, make recommendations and automate future responses. Alternatively, automation can escalate threats when human intervention is needed.
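The prioritize, respond or escalate flow described above can be sketched as a small triage playbook. This is an added example, not code from any SOAR product. The rule names, asset inventory, thresholds and alerts are all constructed assumptions.

```python
# Hypothetical playbook table: detection rule -> standardized automated response.
PLAYBOOKS = {
    "known_malware_hash": "isolate_host",
    "phishing_url_click": "reset_credentials",
}
# Hypothetical asset inventory: criticality weight from 1 (low) to 3 (high).
ASSET_CRITICALITY = {"laptop-17": 1, "hr-fileserver": 2, "domain-controller": 3}

# Constructed alerts, standing in for what the orchestration layer collects.
ALERTS = [
    {"id": "a1", "rule": "known_malware_hash", "asset": "laptop-17", "severity": 8, "confidence": 0.97},
    {"id": "a2", "rule": "known_malware_hash", "asset": "laptop-17", "severity": 8, "confidence": 0.97},
    {"id": "a3", "rule": "known_malware_hash", "asset": "domain-controller", "severity": 8, "confidence": 0.95},
    {"id": "a4", "rule": "unusual_login_time", "asset": "hr-fileserver", "severity": 5, "confidence": 0.60},
    {"id": "a5", "rule": "port_scan_inbound", "asset": "laptop-17", "severity": 2, "confidence": 0.80},
]


def triage(alerts, auto_confidence=0.9, escalate_score=10):
    """Deduplicate, score and route alerts; return decisions, highest score first."""
    seen, decisions = set(), []
    for alert in alerts:
        key = (alert["rule"], alert["asset"])
        if key in seen:  # collapse repeats of the same finding on the same asset
            continue
        seen.add(key)
        # An asset missing from the inventory is treated as critical (fail safe).
        criticality = ASSET_CRITICALITY.get(alert["asset"], 3)
        score = alert["severity"] * criticality
        playbook = PLAYBOOKS.get(alert["rule"])
        if playbook and alert["confidence"] >= auto_confidence and criticality < 3:
            action = "auto:" + playbook       # safe to run without an analyst
        elif score >= escalate_score or playbook:
            action = "escalate_to_analyst"    # human intervention is needed
        else:
            action = "log_only"
        decisions.append({"id": alert["id"], "score": score, "action": action})
    return sorted(decisions, key=lambda d: d["score"], reverse=True)


if __name__ == "__main__":
    for decision in triage(ALERTS):
        print(decision)
```

The same malware detection is contained automatically on a low-criticality laptop but escalated on the domain controller, where an automated isolation would itself be disruptive.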