Benefits and Challenges of SOAR Platforms

Network and defense analysts are facing increasing numbers of security alerts and, as a result of fielding those alerts, burnout. Dark Reading reported that the average security operations center (SOC) receives 10,000 alerts each day from layer upon layer of monitoring and detection products. While the cyber threat landscape is marked by an upward-trending number of actors, network and defense analysts must also contend with ever-increasing numbers of false positives (sometimes at rates as high as 80 percent). Because of resource constraints on already overwhelmed analysts, many alerts are ignored, and, according to a recent report, less than 10 percent of alerts are actively investigated.

Security orchestration, automation, and response (SOAR), a term first coined by Gartner, refers to "technologies that enable organizations to collect inputs monitored by the security operations team. For example, alerts from the SIEM system and other security technologies — where incident analysis and triage can be performed by leveraging a combination of human and machine power — help define, prioritize and drive standardized incident response activities. SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format." SOAR enables already overwhelmed network and defense analysts to compile threat-related data from various disparate sources and then use machine learning to automate responses to low-level threats. SOAR was one of the initial products aimed at easing the burden not only on SOC analysts, but also on other security professionals such as security information and event management (SIEM) operators, threat hunters, and compliance managers. In this blog post, we introduce and analyze SOAR platforms, which help analysts deal with alert fatigue.
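As an added illustration (not code from this post or from any SOAR product), the following Python sketches the workflow just described: alerts from two constructed sources are normalized into one model, duplicates and confirmed false positives are dropped, low-level threats get an automated response, and only the remainder reaches a human analyst. Every source name, rule name, severity scale and indicator value here is made up for the example.

```python
from dataclasses import dataclass

# Constructed sample feed from two products with different schemas (a SIEM and
# an endpoint agent); the values are made up and are not real telemetry.
RAW_ALERTS = [
    {"src": "siem", "rule": "brute_force_ssh", "sev": 3, "host": "web01", "ioc": "203.0.113.7"},
    {"src": "siem", "rule": "brute_force_ssh", "sev": 3, "host": "web01", "ioc": "203.0.113.7"},
    {"src": "edr", "detection": "scanner_noise", "severity": "low", "device": "web02", "indicator": "198.51.100.9"},
    {"src": "edr", "detection": "ransomware_behavior", "severity": "critical", "device": "fs01", "indicator": "payload.bin"},
    {"src": "siem", "rule": "phishing_url_click", "sev": 2, "host": "ws17", "ioc": "phish.example"},
    {"src": "siem", "rule": "vuln_scanner_login", "sev": 2, "host": "db01", "ioc": "192.0.2.5"},
]
# Constructed allowlist of rules the SOC has confirmed as recurring false positives.
SUPPRESSED_RULES = {"scanner_noise", "vuln_scanner_login"}
EDR_SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}
LOW_LEVEL_MAX = 2  # severities at or below this are handled by machine alone

@dataclass(frozen=True)
class Alert:
    source: str
    rule: str
    severity: int  # normalized scale: 1 low .. 4 critical
    asset: str
    indicator: str

def normalize(raw: dict) -> Alert:
    """Orchestration step: map each product's schema onto one alert model."""
    if raw["src"] == "siem":
        return Alert("siem", raw["rule"], raw["sev"], raw["host"], raw["ioc"])
    return Alert("edr", raw["detection"], EDR_SEVERITY[raw["severity"]],
                 raw["device"], raw["indicator"])

def triage(raw_alerts: list) -> dict:
    """Digital workflow: dedupe, suppress known noise, auto-respond to low-level
    threats, and queue only the remainder for a human analyst."""
    queues = {"suppressed": [], "auto_responded": [], "analyst": []}
    seen = set()  # frozen dataclass is hashable, so identical alerts collapse
    for alert in map(normalize, raw_alerts):
        if alert in seen:
            continue
        seen.add(alert)
        if alert.rule in SUPPRESSED_RULES:
            queues["suppressed"].append(alert)
        elif alert.severity <= LOW_LEVEL_MAX:
            queues["auto_responded"].append(alert)  # e.g. ticket + indicator block
        else:
            queues["analyst"].append(alert)  # human-and-machine triage
    queues["duplicates_dropped"] = len(raw_alerts) - len(seen)
    return queues
```

Of the six raw alerts, only two reach the analyst queue; the playbook's suppression list is where the false-positive rate the post cites gets managed, so it needs the same review discipline as any detection rule.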

What Is SOAR?

The concepts of security orchestration, automation, and response were not new, but 2015, when Gartner coined the SOAR term, seems to be the first time the concepts were discussed as a category of tools where all four functions are part of a single platform. SOAR

