SOAR stands for Security Orchestration, Automation, and Response. The term is used to describe three software capabilities: threat and vulnerability management, response to security incidents, and automation of security operations. SOAR enables companies to collect threat-related data from a variety of sources and automate responses to low-level threats.
The term was originally coined by Gartner, which also defined the three capabilities. Threat and vulnerability management (orchestration) covers technologies that help remediate cyber threats, while automation of security operations (automation) relates to technologies that enable automation and orchestration within operations.
Because many of the cyber threats companies face require multiple technologies to combat them, and multiple team members to perform manual tasks and link the information, the organization of remediation must be seamless. While orchestration aims for efficiency when executing threat remediation, automation aims to reduce the time these actions take using machine learning, making the orchestration process itself more efficient.
Security incident response (response) is how the response to a threat is planned, managed, coordinated, and monitored. It measures the process of responding to a threat or vulnerability and can be used to inform strategy.