What is SOAR and How Can Agencies Leverage it in their Cybersecurity Efforts?

F5 Ecosystem | October 07, 2020

According to Gartner, SOAR comprises “technologies that enable organizations to collect inputs monitored by the security operations team…SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format.”*

But what exactly is SOAR? Is it a suite of all-knowing technologies that work together to mitigate threats and perform analytics—a sort of real-life Terminator-like Skynet technology that prevents cyberattacks? Is there a particular type of “SOAR software”? Or is it a framework that provides a recommended approach to cybersecurity?

SOAR: A Framework for Solid Security

It’s much more than just a tool or set of tools. SOAR is a model for creating a solid security plan. Yes, it asks agencies to automate the processing of security data and analytics produced by a threat intelligence tool, such as a security information and event management (SIEM) system or a security log manager. But there’s another part of SOAR—security orchestration—that encourages human intervention.

Consider what happens when a security information and event management solution or similar tool identifies a potential incident. An entire workflow process is created, starting with the tool and ending with a security administrator.

Within that process, the incident is assessed based on the security policies the organization has (hopefully) already put in place. Considerations may include:

  • What is the assigned threat level of the application that’s been compromised?
  • Based on that threat level, what automated actions should take place to mitigate the potential for damage?
  • What further actions need to happen to remediate the problem?

Security administrators can then take the threat intelligence derived from the forensic data, use that information to immediately investigate and remediate the problem, and adjust security policies accordingly to strengthen the agency’s fortifications against future attacks.
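The workflow described above, from SIEM alert to policy-driven automated actions and hand-off to an analyst, is small enough to express directly as a playbook. The following is an added illustration, not F5 code or any product's logic; the asset inventory, the action table, and the alerts are all constructed, and the names (`ASSET_THREAT_LEVEL`, `AUTOMATED_ACTIONS`, `run_playbook`) are hypothetical.

```python
"""Minimal SOAR-style playbook: assess a SIEM alert against the threat level
assigned to the affected application, run the automated containment actions
policy allows at that level, and record what a human analyst still has to do.
Added, hypothetical example; inventory, policy table and alerts are constructed."""
from dataclasses import dataclass, field
from enum import IntEnum


class ThreatLevel(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


# Constructed asset inventory: the "assigned threat level" of each application.
# In practice this would come from a CMDB or risk register (assumption).
ASSET_THREAT_LEVEL = {
    "public-web-portal": ThreatLevel.HIGH,
    "internal-wiki": ThreatLevel.LOW,
    "payments-api": ThreatLevel.CRITICAL,
}

# Constructed policy table: automated actions permitted at each threat level.
# Higher levels add containment steps on top of the lower ones.
AUTOMATED_ACTIONS = {
    ThreatLevel.LOW: ["open_ticket"],
    ThreatLevel.MEDIUM: ["open_ticket", "block_source_ip"],
    ThreatLevel.HIGH: ["open_ticket", "block_source_ip", "snapshot_logs"],
    ThreatLevel.CRITICAL: ["open_ticket", "block_source_ip", "snapshot_logs", "isolate_host"],
}


@dataclass
class ResponseRecord:
    alert_id: str
    application: str
    threat_level: ThreatLevel
    automated_actions: list = field(default_factory=list)
    escalate_to_human: bool = False
    remediation_steps: list = field(default_factory=list)


def run_playbook(alert: dict) -> ResponseRecord:
    """Turn one SIEM alert into a response record: automated part plus human part."""
    app = alert["application"]
    # An application missing from the inventory is treated as HIGH, so a gap in
    # the asset register never silences the response.
    level = ASSET_THREAT_LEVEL.get(app, ThreatLevel.HIGH)
    record = ResponseRecord(alert["id"], app, level)
    record.automated_actions = list(AUTOMATED_ACTIONS[level])
    # Orchestration: MEDIUM and above is routed to an analyst, who investigates
    # the forensic data and adjusts policy; LOW is ticketed only.
    record.escalate_to_human = level >= ThreatLevel.MEDIUM
    if record.escalate_to_human:
        record.remediation_steps = [
            "review forensic data attached to the alert",
            "confirm or reverse the automated containment",
            "update security policy if the detection was a true positive",
        ]
    return record


# Constructed SIEM alerts (extra fields such as source_ip are carried along as a
# real alert would carry them, even though this playbook does not act on them).
SAMPLE_ALERTS = [
    {"id": "A-1001", "application": "internal-wiki", "source_ip": "203.0.113.10", "signal": "failed_logins"},
    {"id": "A-1002", "application": "payments-api", "source_ip": "198.51.100.7", "signal": "sqli_pattern"},
    {"id": "A-1003", "application": "unknown-legacy-app", "source_ip": "192.0.2.5", "signal": "port_scan"},
]


def process_alerts(alerts=SAMPLE_ALERTS):
    """Run the playbook over a batch of alerts and return the response records."""
    return [run_playbook(a) for a in alerts]


if __name__ == "__main__":
    for r in process_alerts():
        print(r)
```

The defaulting of unknown assets to HIGH is the one design choice worth noting: an automated workflow that fails open when the inventory is incomplete is exactly the gap an attacker would land in, so the conservative default keeps the human in the loop until the asset is classified.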

Thus, the human factor of SOAR comes into play. For all of its emphasis on automation, people are an essential element of the SOAR framework because they are the last line of defense and are responsible for security enhancements. Pairing their expertise with the right security solutions can help organizations stay a step ahead of malicious adversaries.

Adaptive Applications are Vital for the SOAR Model

SOAR focuses on building a security program that is highly adaptive and uses data to continuously improve the way an organization responds to threats. It encourages the use of intelligence to pinpoint current threats, react to those incidents, learn from them, and adapt and improve over time.

At F5, we’re focused on helping organizations build adaptive applications that can automatically adjust their security states. These applications collect and analyze information derived from various touchpoints along the application data path—the path that application traffic takes from application to end user—such as when a user first accesses the application (requiring application authentication), when data is pushed out over the Internet (triggering the use of a web application firewall), and more.

Each of these touchpoints produces its own telemetry and analytics. This data is used to detect whether or not the application is performing as expected—or if there may be some form of anomaly that could indicate a breach.

If it’s the latter, the application can automatically adapt to mitigate the potential threat, thereby satisfying SOAR’s call for an automated response. Let’s say there’s a sudden surge of suspicious traffic detected at some point during the application data path. A bot management solution can automatically detect fraud activity based on the type of traffic—for instance, human vs. bot—that is pinging the application. The application can then automatically block the suspicious traffic based on pre-defined security policies.
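The scenario above, telemetry from one touchpoint classified as human versus bot traffic and then acted on by a pre-defined policy, is illustrated below with a simple rate-and-signature classifier over constructed access-log lines. This is an added example and not F5's bot-management logic; the thresholds, the user-agent markers, and the log lines are all constructed, and the function names (`evaluate`, `peak_rate`, `classify`) are hypothetical.

```python
"""Telemetry-driven automated response at one point on the application data path.
Constructed access-log lines are grouped per client, the peak request rate in a
sliding window is measured, each client is classified human / suspicious / bot,
and a pre-defined policy maps the verdict to allow / challenge / block.
Added, hypothetical example; thresholds and log data are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # sliding window for rate measurement (assumed policy value)
CHALLENGE_RATE = 8               # requests per window that earn a challenge (assumed)
BLOCK_RATE = 20                  # requests per window treated as automated abuse (assumed)
AUTOMATION_UA_MARKERS = ("python-requests", "curl/", "go-http-client")
POLICY = {"human": "allow", "suspicious": "challenge", "bot": "block"}  # pre-defined policy


def build_constructed_log():
    """Return constructed log text: 'timestamp client_ip path user_agent' per line."""
    base = datetime(2020, 10, 7, 10, 0, 0)
    lines = []
    # ordinary browsing: 3 requests spread over 40 seconds
    for i, path in enumerate(["/", "/login", "/account"]):
        lines.append(f"{(base + timedelta(seconds=20 * i)).isoformat()} 198.51.100.20 {path} Mozilla/5.0")
    # scripted client that announces itself in the user-agent: 5 requests in 5 seconds
    for i in range(5):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 203.0.113.5 /login python-requests/2.24")
    # browser-like user-agent but a surge: 40 requests in 4 seconds
    for i in range(40):
        lines.append(f"{(base + timedelta(milliseconds=100 * i)).isoformat()} 192.0.2.77 /search Mozilla/5.0")
    # mildly elevated: 10 requests in 10 seconds
    for i in range(10):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 192.0.2.90 /api/items Mozilla/5.0")
    return "\n".join(lines)


def peak_rate(timestamps, window=WINDOW):
    """Largest number of requests falling inside any window of the given length."""
    ts = sorted(timestamps)
    best, start = 0, 0
    for end in range(len(ts)):
        while ts[end] - ts[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def classify(user_agents, peak):
    """Human / suspicious / bot from user-agent signals and peak request rate."""
    for ua in user_agents:
        if ua == "-" or any(marker in ua.lower() for marker in AUTOMATION_UA_MARKERS):
            return "bot"
    if peak >= BLOCK_RATE:
        return "bot"
    if peak >= CHALLENGE_RATE:
        return "suspicious"
    return "human"


def evaluate(log_text):
    """Parse the log, classify each client and apply the policy; returns per-client decisions."""
    by_client = defaultdict(lambda: {"timestamps": [], "user_agents": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, _path, ua = line.split(" ", 3)
        by_client[ip]["timestamps"].append(datetime.fromisoformat(ts))
        by_client[ip]["user_agents"].add(ua)
    decisions = {}
    for ip, rec in by_client.items():
        peak = peak_rate(rec["timestamps"])
        verdict = classify(rec["user_agents"], peak)
        decisions[ip] = {"peak_requests_per_window": peak, "verdict": verdict, "action": POLICY[verdict]}
    return decisions


if __name__ == "__main__":
    for ip, decision in evaluate(build_constructed_log()).items():
        print(ip, decision)
```

The three-tier policy (allow / challenge / block) rather than a binary one is the point worth carrying over to a real deployment: a moderately elevated rate from a browser-like client is where false positives live, and a challenge step keeps the automated response from locking out legitimate users while still slowing a bot that is trying to stay under the block threshold.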

The Power of Human and Machine

The SOAR framework is an excellent blueprint for building an automated, responsive and agile system that leverages multiple technologies and human expertise to enforce and continuously improve security policies. It creates a highly effective deterrent against current and future threats.
____

*Gartner Glossary, SOAR, https://www.gartner.com/en/information-technology/glossary/security-orchestration-automation-response-soar
