Security orchestration, automation and response (SOAR) focuses primarily on threat management, security operations automation and security incident response. SOAR platforms can instantly assess, detect, intervene in or search through incidents and processes without the constant need for human interaction.
SOAR capabilities include:
- Prioritising potential threats.
- Assessing potential impact.
- Triaging the most important threats.
- Responding to the threats accordingly.
Aspects of those capabilities are:
- Security orchestration and automation to create a strong security foundation, based on best practices.
- A security incident response platform, used as a tool for orchestrated security responses that establishes repeatable and scalable workflows.
- Threat intelligence, used to understand threats preemptively and accelerate prioritisation and, after a security threat, to confirm the incident is resolved.