Abstract:
SOAR (Security Orchestration, Automation and Response) is software that combines security orchestration, automation, and response with end-to-end security operations management to make analysts more productive, security engineers more effective, and managers more informed about the SOC (Security Operation Center). It works as a centralized system for the whole SOC technical stack, which can consist of other types of products such as EDR (Endpoint Detection and Response), SIEM (Security Information and Event Management), Threat Intelligence, Cloud Security, etc. One of the benefits of SOAR platforms is that they operate in all environments, including multi-cloud and hybrid environments. Siemplify, a SOAR vendor, released a case study showcasing how an MSSP (Managed Security Service Provider) can use SOAR to solve the challenges of multiple environments. Additionally, a SOAR platform provides triaging capabilities, which are then used to properly manage the handling of threats. Analysts are able to collaborate and communicate within the SOAR platform and notify other departments.