Security Orchestration, Automation and Response

What Does Security Orchestration, Automation and Response Mean?

Security Orchestration, Automation and Response (SOAR) is an IT stack helping companies and organizations to deal with security threats. In a collection of physical and digital security tools, SOAR provides an architecture for optimal security response. For example, a SOAR resource set could include new kinds of software packages that run on top of firewalls or perimeter security hardware, arranging new and more sophisticated processes beyond simple perimeter security.


Techopedia Explains Security Orchestration, Automation and Response

A SOAR setup can help with threat and vulnerability management, as well as security incident response. Some tools also offer automated resources. SOAR can be contrasted with SIEM or security information and event management, as SOAR is being applied to enhance what is possible through SIEM models. Again, SOAR can enhance existing security models by providing overarching automation and coordination strategies. Perhaps there are several standalone security tools that are not linked to one another. With monitoring, integrated threat detection and incident response, and other features, a SOAR architecture works proactively to keep a system protected.


Related Terms

Latest Cybersecurity Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…