What is SOAR - Security Orchestration, Automation and Response?

Security orchestration, automation and response (SOAR) is a term developed by Gartner to describe technology platforms that aggregate security intelligence and context from disparate systems, and apply machine intelligence to streamline (or even completely automate) the incident detection and response process.

One of the primary functions of SOAR relates to security orchestration and automation. Security orchestration is a method of integrating and streamlining workflows across disparate tools in order to improve both security analyst efficiency and threat detection and response. Security automation is used to execute security operations tasks without human intervention.

Many of the day-to-day processes in a security operations center (SOC) are repetitive and consume unnecessary time when performed manually. For example, the process of investigating a typical alert can be a mundane and highly labor intensive effort, requiring the analyst to pivot between numerous tools to aggregate necessary data. SOAR platforms help SOCs deal with the acute shortage of security talent and overwhelming flow of security alerts that they must process.