When we think of Security Orchestration, Automation and Response (SOAR) nowadays (and we do think a lot about SOAR), we primarily think of this:
SOAR = security workflow + security orchestration + security automation [+ maybe knowledge management of playbooks and such]
(and, yes, a longer post that explains the above terms is coming too)
Now let me ask you this: is SOAR technology mostly about IMPROVED EFFICIENCY or is it about MAGIC [aka NEW CAPABILITIES]?
Clearly, a car is NOT an improved horse-drawn carriage, an iPhone is NOT an improved Blackberry – these technology advances delivered not just an improvement in some existing process (transportation, communication), but major new capabilities and even opened new realms of human endeavor and new areas of practice.
However, most of the examples of SOAR usage we’ve seen so far definitely fit into the improved efficiency bucket: process phishing emails faster, get malware sandboxing results into the incident case easier, etc. However, our analyst intuition tells us that the magic is there.
Where can we look for SOAR magic? – We will look for new security processes that are only possible with SOAR-style automation (or DIY or OSS tools of similar mission), we will look for useful security capabilities that are only achievable with SOAR, ways to do security operations differently because you have SOAR and other things of that sort. We hope some SOAR users and SOAR vendors will help too…
Blog posts related to this topic:
- SOAR Research Coming … Brace for Impact!!
- SOAR research is coming! (by Augusto)
- Security: Automate And/Or Die?
- Security Without Security People: A [Sad] Way Forward?
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.