Security Orchestration, Automation and Response (SOAR) is a collection of technologies that enable organizations to monitor, analyze, and automate response to security incidents from a single interface.
This article forms part of a series of articles that look at various acronyms used in cyber security, explain them and explore Microsoft’s solution. For more acronyms please visit: https://simonangling.com/cyber-security-acronyms
- Orchestration within SOAR connects security tools and consolidates their threat data in one place, so that it can be analysed and then acted on by the automation and response components.
- Automation refers to the ability of a SOAR platform to automate security operations tasks and workflows. This includes automating repetitive tasks such as incident response and threat hunting.
- Response, closely linked with Automation, is the SOAR platform's ability to free up analysts by automating the initial response through playbooks, giving a faster and often more accurate response to an ongoing threat.
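To make the three pieces concrete, here is a minimal playbook that does all three in one pass. This is an added example, not code from the article or from Microsoft Sentinel: the incident shape, the threat-intel feed and the triage rules are constructed, simplified stand-ins and do not reproduce Sentinel's real schema or APIs.

```python
"""Minimal SOAR-style playbook: orchestration, automation, response.

Added example; not code from the article or from Microsoft Sentinel.
The incident layout, threat-intel feed and rules are all constructed.
"""
from dataclasses import dataclass, field

# Constructed threat-intel feed standing in for a second security tool
# (orchestration pulls its data onto the incident). TEST-NET-3 address.
THREAT_INTEL = {"203.0.113.7": "known-bad scanner"}

# Constructed incident, shaped loosely like what a SIEM hands a playbook.
SAMPLE_INCIDENT = {
    "id": "INC-0001",
    "severity": "High",
    "entities": [
        {"type": "account", "name": "jdoe"},
        {"type": "host", "name": "ws-042"},
        {"type": "ip", "address": "203.0.113.7"},
    ],
}


@dataclass
class PlaybookResult:
    enrichment: dict = field(default_factory=dict)  # TI hits found
    actions: list = field(default_factory=list)     # response steps


def enrich(incident: dict) -> dict:
    """Orchestration: consolidate threat-intel data onto the incident."""
    hits = {}
    for e in incident["entities"]:
        if e["type"] == "ip" and e["address"] in THREAT_INTEL:
            hits[e["address"]] = THREAT_INTEL[e["address"]]
    return hits


def run_playbook(incident: dict) -> PlaybookResult:
    """Automation + response: apply triage rules, emit response actions."""
    result = PlaybookResult(enrichment=enrich(incident))
    high = incident["severity"] in ("High", "Critical")
    for e in incident["entities"]:
        if e["type"] == "ip" and e["address"] in result.enrichment:
            result.actions.append(f"block-ip:{e['address']}")
        if high and e["type"] == "account":
            result.actions.append(f"disable-account:{e['name']}")
        if high and e["type"] == "host" and result.enrichment:
            result.actions.append(f"isolate-host:{e['name']}")
    if not result.actions:  # nothing matched: fall back to a human
        result.actions.append("assign-to-analyst")
    return result
```

The fallback at the end is the part practitioners tend to forget: a playbook should hand anything it cannot confidently act on to an analyst rather than silently doing nothing.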
Microsoft’s SOAR Solution
As discussed in What is a Security Information and Event Management (SIEM), Microsoft Sentinel is a unified Security Operations (SecOps) platform that brings together SIEM with security orchestration, automation, and response (SOAR).
Microsoft’s SIEM solution, Microsoft Sentinel, was recognized as a Leader in the 2022 Gartner Magic Quadrant for Security Information and Event Management.
What is the difference between SIEM and SOAR?
Both Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) are cyber-security tools that aggregate and correlate data from multiple sources to detect and respond to threats. However, SIEM focuses on generating alerts from traditional infrastructure components, while SOAR takes in more data and automates the remediation and response process.
Both solutions are best used together, and Microsoft Sentinel blends the two in a single platform.