Not long ago, Solutions Review posted “Will SOAR Cybersecurity Replace SIEM in the Near Future?” This article debated the merits between two of the more complex but still vital branches of the modern cybersecurity tree. Ultimately, we left it to the reader to decide, while exploring the merits of both solutions—SOAR (Security Operations, Automation, and Response) and SIEM (Security Information and Event Management).
Here’s what we said:
“Some security experts read the rise of SOAR as a response to the problems of SIEM. Indeed, there is some validity to this reading, as SIEM can still pose a labor challenge to the uninitiated or unprepared.
However, this neglects the fact that SOAR solutions often draw from SIEM solutions. After all, SIEM aggregates critical logs and alert information. With it, SOAR would lose a vital source of insight into enterprise networks. Further, SOAR works through integration, binding SIEM to other critical cybersecurity solutions like endpoint security and identity management.”
Meanwhile, in a recent interview with Avi Chesla of empow, he shared his thoughts on the matter. “SOAR is a collection of features—workflows—that take best practices in the SOC and try to automate them. It tries to answer the question: ‘what do I need to do manually so that I can just automate instead?’”
“I believe that SOAR, as a collection of features, is part of the solution, and should be consolidated with the SIEM and behavioral analytics technologies in order to really provide the top-down SIEM. We’re already seeing that happening through acquisitions such as Palo Alto Networks acquisition of Demisto. Specific SOAR capabilities can work top-down, but enterprise can’t rely on SOAR alone.”
Instead, he points out that SOAR works when unified under a language of cybersecurity.
- UC San Diego Health Phishing Attack Exposes Medical Data - July 28, 2021
- The Biggest SIEM News Items During the First Half of 2021 - July 27, 2021
- The Biggest Cybersecurity News Items During the First Half of 2021 - July 23, 2021