Does your heart plummet at the thought of SOAR?


Security Orchestration, Automation and Response (SOAR) seems to be the shiny new kid on the block in the heady world of cybersecurity. Standalone SOAR solution vendors are snapped up by larger vendors faster than you can say ‘playbook’. A short wander around a security trade show will immerse you in a universe where automation & orchestration are the answers to all your problems. Skills shortage? SOAR. Productivity issues? SOAR. Cat stuck up a tree? SOAR. World peace? Well… that might be slightly beyond SOAR’s current capabilities, but never underestimate a creative marketeer on a particularly keen day.

Regardless of vendor promises, the idea of handing off your security processes to the machines may well fill you with a sense of dread. What if something terrible happens? What if we break production systems? Should I add in a workflow step to automatically update my CV if the domain controller falls over? It’s not wholly surprising that these concerns occur. Computers do things rather quickly, so whilst automated playbooks and workflows can save you a tonne of time, if there’s something amiss it does have the potential to blow up pretty fast. Even something as straightforward as an automatic product update has proven costly to many organisations in the past, leading to time-consuming internal testing before deploying even the most critical of security patches.

The decision to embark on a SOAR project, or even just to utilise some of the automated features within your current security tools, ultimately boils down to whether or not you trust the software not to break things at breakneck speed. Manual processes do feel safer (even though they aren’t necessarily so), they have human eyes on them, they move at a more pedestrian pace…