401 Reading 11 - marsecguy/reading-notes-cyberops GitHub Wiki
Security Automation and Orchestration (SOAR)
How would a security team benefit from implementing a SOAR solution?
- SOAR can greatly increase the efficiency of a security team by detecting, isolating, mitigating and beginning recovery from a cyber attack more quickly than people can on their own. An attack that would otherwise have had a significant impact may end up having none, or a much smaller impact than human-only detection and intervention would allow. That also saves significant money: the damage is smaller and recovery is faster, so downtime is minimized.
Explain how a SOAR solution fits into the Incident Response process.
- As mentioned above, SOAR helps incident response by isolating attacks and limiting the damage, which leaves less work to be done during recovery.
- SOAR can also find the relevant entries in system logs and other sources and bring them to analysts' attention, saving the many hours people would otherwise spend searching through the data. Recovery teams can then know what they are dealing with and how far the damage has spread within minutes rather than hours or even days.
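The two points above (automated detection and isolation, and surfacing the relevant log lines for analysts) are easier to see in a concrete playbook. The following is an added example, not part of the original notes or of any SOAR product: it parses constructed sshd-style auth log lines, flags a source IP that fails the threshold number of logins within a short window and then succeeds, keeps the matching lines as evidence for the analyst, and records the containment actions the platform would take. The log lines, thresholds and action names (`block_source_ip`, `disable_account`, `open_ticket`) are all assumptions made up for the example; actions are recorded rather than executed.

```python
"""Minimal SOAR-style playbook (added example, not from the original notes).

Detect: a brute-force login burst followed by a successful login from the
same source IP.  Orchestrate: collect the related log lines as evidence and
record the containment actions a SOAR platform would trigger.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample auth log in sshd style; not real data.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[101]: Failed password for root from 203.0.113.7 port 5001
2024-03-01T10:00:03 sshd[102]: Failed password for admin from 203.0.113.7 port 5002
2024-03-01T10:00:05 sshd[103]: Failed password for admin from 203.0.113.7 port 5003
2024-03-01T10:00:06 sshd[104]: Failed password for ubuntu from 203.0.113.7 port 5004
2024-03-01T10:00:08 sshd[105]: Failed password for admin from 203.0.113.7 port 5005
2024-03-01T10:00:12 sshd[106]: Accepted password for admin from 203.0.113.7 port 5006
2024-03-01T10:01:00 sshd[107]: Failed password for bob from 198.51.100.9 port 6001
2024-03-01T10:02:00 sshd[108]: Accepted password for bob from 198.51.100.9 port 6002
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)

FAIL_THRESHOLD = 5            # assumed: failures before we call it brute force
WINDOW = timedelta(minutes=2)  # assumed: sliding window for counting failures


def parse_log(text):
    """Turn raw log text into structured events; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "outcome": m["outcome"],
            "user": m["user"],
            "ip": m["ip"],
            "raw": line,
        })
    return events


def detect_bruteforce_success(events):
    """Return one incident per IP that reached FAIL_THRESHOLD failures inside
    WINDOW and then logged in successfully.  The evidence field keeps the
    exact log lines so the analyst does not have to search for them."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["ip"]].append(ev)

    incidents = []
    for ip, evs in by_ip.items():
        fails = []
        for ev in evs:
            if ev["outcome"] == "Failed":
                fails.append(ev)
                # keep only failures still inside the sliding window
                fails = [f for f in fails if ev["ts"] - f["ts"] <= WINDOW]
            elif len(fails) >= FAIL_THRESHOLD:
                incidents.append({
                    "ip": ip,
                    "compromised_user": ev["user"],
                    "failures": len(fails),
                    "evidence": [f["raw"] for f in fails] + [ev["raw"]],
                })
                fails = []
    return incidents


def run_playbook(log_text):
    """Orchestration step: for each incident, record the containment actions
    (hypothetical action names; a real platform would call its integrations)."""
    incidents = detect_bruteforce_success(parse_log(log_text))
    actions = []
    for inc in incidents:
        actions.append({"action": "block_source_ip", "target": inc["ip"]})
        actions.append({"action": "disable_account", "target": inc["compromised_user"]})
        actions.append({"action": "open_ticket", "target": inc["ip"],
                        "evidence": inc["evidence"]})
    return {"incidents": incidents, "actions": actions}


if __name__ == "__main__":
    result = run_playbook(SAMPLE_LOG)
    for inc in result["incidents"]:
        print(f"incident: {inc['ip']} -> {inc['compromised_user']} "
              f"after {inc['failures']} failures")
        for line in inc["evidence"]:
            print("  evidence:", line)
    for act in result["actions"]:
        print("action:", act["action"], act["target"])
```

Running the block flags only 203.0.113.7 (five failures then an accepted login for `admin`) and leaves 198.51.100.9 alone, since one failed attempt followed by a success is ordinary user behaviour. The whole run, from raw lines to a ticket with attached evidence and two containment actions, is the "minutes rather than hours" the notes describe; the thresholds are the part a real team tunes to its own environment to keep false positives down.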