The benefits of SOAR for SOC teams

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 26 Apr 2022
Martin Potgieter, co-founder and technical director, Nclose.

With an ever-growing number of cyber attacks being launched every day, network and defence analysts are having to deal with increasing numbers of security alerts and run the risk of missing important ones.

This is where security orchestration, automation and response (SOAR) comes in. Integrating SOAR into the security operations centre (SOC) can enhance efficiency and effectiveness by correlating alerts from disparate security solutions and automating tasks. It also helps improve incident handling through experience.

But what is SOAR exactly? 

According to Martin Potgieter, co-founder and technical director of Nclose, it depends who you ask. “As is often the case these days, depending on who you ask you may get slightly different words. I would say a layman’s definition is the automation of the incident response process and the connecting of tools to assist with the incident response process.”

Speaking about how SOAR addresses today's top security challenges, he says the idea is that SOAR enables incident response teams to more effectively deal with alerts, and alerts in large numbers. 

In addition, he says SOAR is more a methodology than a specific vendor solution, so it's difficult to compare it to anything else; it often stands by itself, although there are different approaches to implementing SOAR.

Of course, there’s no silver bullet when it comes to security, and like most cyber security ideas today, the biggest challenge is understanding that implementing SOAR is not as simple as merely buying a vendor solution.

“To do SOAR properly one needs to have specific goals, plan and constantly measure progress,” he says.

Potgieter will be presenting on “SOARing through the buzzwords” at the ITWeb Security Summit 2022, to be held at Century City in Cape Town on 6 June.

During his presentation, he will give delegates an understanding of what SOAR is, and will explain the common pitfalls of SOAR implementations and how to avoid them. Finally, he will offer insight into a successful method of implementing SOAR within the organisation.
