The Evolution of SOAR Platforms — SecurityWeek

A new article by Stan Engelbrecht, Director of D3’s Cyber Security Practice, is currently featured on SecurityWeek. D3 is part of an evolution in security operations platforms that is now commonly referred to as SOAR (security orchestration, automation, and response). Demand for SOAR is undeniably at an all-time high, as evidenced by the many recent acquisitions of SOAR vendors by major tech players like Microsoft and Splunk. In his new article, Stan explores the factors that are driving the emergence of SOAR, including the maturing feature set, improving accessibility for inexperienced security teams, and the potential to realize the dream of the “single pane of glass”—where security analysts can do all their work from a unified interface.


In this excerpt, Stan describes how the feature sets of SOAR platforms have expanded in recent years to make them complete solutions, not just one piece of the incident response function:


At first, many SOAR platforms on the market were very limited in their functionality, with automation and orchestration features that were only appropriate for handling minor incidents. While these products offered some time-saving potential for security teams, their effectiveness was limited by their narrow scope and lack of depth.


Part of the current evolution of SOAR that we are seeing is in the maturity of the features being offered. Automation and orchestration capabilities have grown, through increasingly sophisticated automated playbooks and a surge of integrations across other security tools. This has scaled the ability of analysts to use SOAR to filter out massive amounts of noise and identify genuine threats.


SOAR platforms are also now offering deeper feature sets that make them suitable for handling larger investigations and more serious incidents. These include case management modules, with tools that facilitate communication, collaboration, and task management within the SOC and beyond. Today’s incidents are so complex that response teams cannot afford to manually coordinate across workflow and reporting silos, especially in organizations that have strict compliance obligations. The increased depth in features allows SOAR to be a tool for long-term systematic improvements, rather than merely short-term alert triage.


This article originally appeared on SecurityWeek. To continue reading, please click here to access the article on SecurityWeek.

Social Icon
Walker Banerd

Walker is D3 Security's Director of Content Marketing. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.