What is Security Orchestration (SOAR)?
Security orchestration is the process of connecting and integrating security tools and technologies to streamline their data and coordinate disparate systems. Layered security, or defense-in-depth, is the accepted approach to security strategy. It leverages various security tools, from anti-virus and firewalls at the perimeter, to next-generation SIEMs, to the multitude of threat hunting tools created by different vendors.
Unfortunately, these best-of-breed technologies are not created to work with one another, and the lack of integration ultimately creates redundant alerts, false positive data, and confusion. Security orchestration, or SOAR as coined by Gartner, is geared to solve that problem by integrating the tools and streamlining their output.
Today, security tools may be managed by different security personnel, often in different geographic locations. Thus, if 10 employees in an organization are hit with a phishing attack, analysts may handle the incidents individually and without the context of SIEM alerts, web logs, threat data and other information that may allow a more coordinated, potent response.
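The phishing scenario above, sketched as an added example (not from the original page or any SOAR product): a correlation step that merges ten individual reports into one incident and attaches SIEM and web proxy context. All records, field names, `.test` hostnames and the priority rule are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample data: ten user-reported phishing mails, plus SIEM alerts
# and web proxy entries that would normally sit in separate tools.
REPORTS = [{"user": f"user{i:02d}", "sender": "helpdesk@examp1e-login.test",
            "url": f"http://examp1e-login.test/reset?id={i}"} for i in range(1, 11)]
SIEM_ALERTS = [
    {"rule": "New domain contacted", "host": "examp1e-login.test", "user": "user03"},
    {"rule": "Impossible travel", "host": "vpn.corp.test", "user": "user77"},
]
PROXY_LOG = [
    {"user": "user03", "host": "examp1e-login.test", "method": "GET"},
    {"user": "user07", "host": "examp1e-login.test", "method": "POST"},
    {"user": "user12", "host": "news.example.test", "method": "GET"},
]

def correlate(reports, siem_alerts, proxy_log):
    """Group reports by the host of the reported URL, then attach context
    from the other tools that mention the same host."""
    incidents = defaultdict(lambda: {"reporters": set(), "senders": set(),
                                     "siem_rules": set(), "visited": set(),
                                     "submitted": set()})
    for report in reports:
        host = urlparse(report["url"]).hostname
        if host is None:          # malformed URL: leave for manual triage
            continue
        incidents[host]["reporters"].add(report["user"])
        incidents[host]["senders"].add(report["sender"])
    for alert in siem_alerts:
        if alert["host"] in incidents:
            incidents[alert["host"]]["siem_rules"].add(alert["rule"])
    for entry in proxy_log:
        if entry["host"] in incidents:
            key = "submitted" if entry["method"] == "POST" else "visited"
            incidents[entry["host"]][key].add(entry["user"])
    return dict(incidents)

def priority(incident):
    """Assumed triage rule: a form submission outranks a visit or a SIEM hit."""
    if incident["submitted"]:
        return "high"
    if incident["visited"] or incident["siem_rules"]:
        return "medium"
    return "low"

if __name__ == "__main__":
    for host, inc in correlate(REPORTS, SIEM_ALERTS, PROXY_LOG).items():
        print(host, priority(inc), len(inc["reporters"]), "reports",
              "submitted:", sorted(inc["submitted"]))
```

Handled individually, these would be ten low-context tickets; correlated, they are one incident that shows which user posted data to the reported host.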
With SOAR and the rationalization of security data and processes comes automation. Security orchestration ultimately allows organizations to create playbooks that define how they will respond to incidents more efficiently. While security orchestration technology platforms are still being tweaked, the fundamentals of SOAR, including coordination and centralization, are sound and the benefits are real, including:
Security orchestration is in its infancy, still far from the vision of one platform and a single pane of glass. However, the fundamental goal of coordination and normalization of tools and data is proven. Having experts who understand the various tools, how they can be integrated, and how to tailor that integration to the processes of your organization is one of our core competencies after 20 years of working with leading-edge organizations to manage their security needs.