[Term of the Day]: SOAR - Security Orchestration, Automation and Response


Definition — What is SOAR?


SOAR stands for “Security Orchestration, Automation and Response”. It is the set of technologies that allow businesses to collect security threats (alerts) and data from multiple sources in order to identify security incidents within the organization. SOAR performs the remediation process by using both human skills and machine-powered assistance. SOAR also helps automate and manage security issues and security tools through a single interface. Placing SOAR at the heart of a security platform helps teams extend and maximize value across the ecosystem and to any security process in a coordinated manner. The term SOAR was coined by Gartner in 2017. According to Gartner, the three most important capabilities of SOAR technologies are:


  • Threat and vulnerability management: These technologies support the remediation of vulnerabilities across their lifecycle and provide a standardized workflow. They also aid collaboration and reporting.
  • Security operations automation: These technologies support the automation and orchestration of workflows, processes, policy execution, and reporting.
  • Security incident response: These technologies support how an organization plans, manages, tracks, and coordinates the response to a security incident.


The real-world necessity of SOAR is growing as we speak, and the expectations of SOAR are very promising. Gartner predicts that by the end of 2020, 15% of organizations with a security team of more than five security professionals will leverage SOAR. 

