Monday, June 3, 2019

Word of the Day: SOAR

Word of the Day WhatIs.com
Daily updates on the latest technology terms | June 3, 2019
SOAR

SOAR (Security Orchestration, Automation and Response) is a genre of compatible software programs that allow an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance. The term, which was coined by the research firm Gartner, can be applied to compatible products and services that help define, prioritize, standardize and automate incident response functions.

The goal of using a SOAR software stack is to improve the efficiency of physical and digital security operations by merging threat and vulnerability management, security incident response and security operations automation. According to Gartner, the three most important capabilities of SOAR technologies are:

 

Threat and vulnerability management: These technologies support the remediation of vulnerabilities. They provide formalized workflow, reporting and collaboration capabilities.

Security incident response: These technologies support how an organization plans, manages, tracks and coordinates the response to a security incident.

Security operations automation: These technologies support the automation and orchestration of workflows, processes, policy execution and reporting.

 

Security orchestration, automation and response (SOAR) programs offer an alternative means for addressing the cybersecurity skills gap by reducing the amount of work that requires human intervention. While both security information and event management (SIEM) and SOAR stacks aggregate relevant data from multiple sources, SOAR services integrate with a wider range of internal and external applications and are useful for spotting patterns of attack as well as isolated occurrences.

 

Today, many companies use SOAR services to augment in-house SIEM software. In the future, it is expected that as SIEM vendors begin to add SOAR capabilities to their services, the market for these two product lines will merge. Vendors that currently promote their ability to provide SOAR capabilities include LogRhythm, Rapid7 and CyberSponse.

Quote of the Day

 
"SIEM and SOAR both aggregate security data from various sources, but the locations and quantity of information being sourced are different." - Andrew Froehlich

Learning Center

 

SOAR vs. SIEM: What's the difference?
SOAR and SIEM have several differences, but are often confused. For example, SIEM provides alerts, but administrators have to determine an investigation path, while SOAR automates investigation path workflows to address alerts. Learn more about the differences between SOAR vs. SIEM.

How can SIEM and SOAR software work together?
SOAR software is best deployed in conjunction with SIEM to automate the creation of actionable workflows and save security teams time and energy spent remediating alerts. Learn how to address the security skills shortage by implementing security orchestration automation and response tools.

The future of SIEM: What needs to change for it to stay relevant?
Security experts know SIEM systems have deficient components that pose risks. The best SIEM products are the ones that will make changes and adaptations to address mobile and cloud popularity. Here's a look at the future of SIEM tools.

Why SOAR platforms are gaining attention from the channel
SOAR platforms have emerged as an attractive technology category for security-conscious customers and channel partners. Gain insight into how partners can develop services around this versatile cybersecurity technology.

Who needs security orchestration, automation and response?
Who needs tools for security orchestration, automation and response? Only organizations that are short-staffed and overworked. In other words: nearly everyone. Learn how SOAR tools ease the burden of rote but required security tasks and free up security pros for more challenging IT security projects.

Quiz Yourself

 
Exploit kits allow non-technical threat actors to do ____ of damage.
A. a lot
B. alot


This e-newsletter is published by the TechTarget network.

Copyright 2018 TechTarget. All rights reserved.

1 comment:

ICS Cyber Security said...

It was a nice article providing complete information on SOAR cyber and its importance for cyber security. Thanks