Security Orchestration Automation and Response (SOAR) Basics: Definition, Components, and Best Practices

Heimdal Security – Vladimir Unterfingher
Pros:
- Increased visibility.
- Ability to automate workflows.
- Ability to script and automate responses.
- Less time spent working on monotonous tasks.
- Great for companies that can't afford an in-house SOC team.
- Info is displayed in one place.

Cons:
- SOAR solutions are difficult to deploy.
- Establishing baseline metrics is challenging.
- Only works for low-level incidents.
- Results still need to be gauged by a human team.

SOAR is an incredibly flexible threat identification and mitigation tool which is bound to make a resounding statement in the years to come. This wraps up my article on Security Orchestration Automation and Response. But before I go, here are a couple of things you should bear in mind before deploying a SOAR.

- Baselines and standards. To have a detection and response baseline, you'll need some standards. In fact, everything about SOAR revolves around standards: scripts, playbooks, procedures, and even the code itself.
- Data hygiene. Don't let that data simply pile up.
- Human handlers. Even though the entire idea behind Security Orchestration Automation and Response is to reduce (or sever) its reliance on the human factor, it's always a good idea to have someone review the data and make adjustments to the workflows and playbooks from time to time.
- SOAR + SOC. Sounds like overkill, especially when you take into account the financial aspects, but you can run a SOAR and have a SOC team working for your company.
Link: https://heimdalsecurity.com/blog/security-orchestration-automation-and-response/

