The Value-add of Combining SOAR with Existing Security Technologies

Security teams and Security Operations Centers across industry verticals are facing many of the same challenges: increased workload, budget constraints, competition for skilled analysts and the burden of repeated manual processes.  Managed Security Service Providers (MSSPs) are facing many of these same challenges, multiplied by the scale at which they operate.  Enterprises across the world are continuing to turn to Security Orchestration, Automation and Response (SOAR) solutions to address these growing challenges.

At this point, it seems clear that SOAR is not simply a fad or a feature, it is becoming a critical component of an advanced security program.  Our existing manual processes simply do not scale to the level they must.  Enterprises cannot continue to respond to today’s growing security threats effectively without some level of automation and orchestration.  Gartner predicts that the adoption of SOAR solutions will increase drastically over the next several years. 

As advances in machine learning and artificial intelligence continue, there is little doubt that we will see an increase in their use within SOAR solutions.  These new technological advances are a natural fit for the automation space and will continue to play a larger role in many aspects of SOAR, such as categorizing and triaging security incidents, recommending responses and performing advanced analytics on incident data.  However, it is important to remember that despite the advances in automation, machine learning and artificial intelligence, these should be viewed as an enabler for security teams and a force multiplier, not a replacement for skilled analysts (not yet, anyway).

Another factor which will continue to significantly increase the impact of SOAR solutions will be the constant advancements in the security processes and operations that SOAR solutions are used to automate and orchestrate.  By their very nature, a SOAR solution’s effectiveness is largely dependent on the technologies it is used to automate and orchestrate; an increase in the value of one of these solutions will inevitably increase the value of the other.

Solutions that take a unique approach to solving a previously unsolved problem are an especially large value-add for a SOAR solution allowing enterprises to automate and orchestrate problems that previously required a completely manual approach.  DFLab’s IncMan SOAR integration with Tufin is an excellent example of the value added to a SOAR solution by a new and innovative product.  By utilizing IncMan and Tufin, organizations can automate and orchestrate an unprecedented level of network security actions, while remaining in compliance with existing change control policies.

There is little doubt that automation and orchestration through SOAR will continue to revolutionize the way security operations are performed.  As the security industry continues to evolve and new and innovated security technologies continue to develop, the combined value of SOAR and these solutions will continue grow. 


John Moran, Senior Product Manager, DFLabs

John Moran, DF Labs

John Moran is a Product Management, Security Operations and Incident Response expert and currently holds the position of Senior Product Manager at DFLabs where he is responsible for shaping the product roadmap, strategic planning, technology partnerships and customer success.  He has served as a Senior Incident Response Analyst for NTT Security, Computer Forensic Analyst for the Maine State Police Computer Crimes Unit and Task Force Officer for the US Department of Homeland Security's Human Trafficking Task Force.  John currently holds a Bachelor's Degree in Computer Forensics and a Master's Degree in Information Assurance as well as PMC-III, GCFA, CFCE, EnCE, CEH, and CHFI certifications