SOAR stands for Security Orchestration, Automation, and Response. It is a software solution that enables cybersecurity and IT teams to integrate and coordinate separate tools into streamlined threat response workflows. A SOAR platform is a collection of security software solutions and tools for browsing and collecting data from a variety of sources. SOAR combines three software capabilities: threat and vulnerability management, security incident response, and security operations automation.
SOAR seeks to alleviate the strain on IT teams by automating low-level, time-consuming, repetitive tasks such as opening and closing support tickets, event enrichment, and alert prioritization. SOAR solutions then use a combination of human and machine learning to analyze this diverse data in order to understand and prioritize incident response actions. An effective SOAR system can therefore be a valuable tool for reducing the burden on an organization’s security teams.
SOAR platforms have three main components: security orchestration, security automation, and security response. Security orchestration connects and integrates disparate internal and external tools via built-in or custom integrations and application programming interfaces (APIs). Security automation relates to the automation of security tasks and processes. For response, SOARs can also trigger the automated actions of integrated security tools.
SOAR is a complementary technology, not a replacement for other security tools. SOAR platforms are not a replacement for human analysts, but instead can augment their skills and workflows for more effective incident detection and response.
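
The following Python playbook is an added example, not code from any SOAR product. It enriches alerts, prioritizes them, opens and closes tickets, triggers a block action and leaves ambiguous cases to an analyst; the lookup tables, blocklist, alerts and score threshold are constructed assumptions standing in for real integrations.

```python
# Added illustration of a SOAR-style playbook. Every integration below is a
# hypothetical in-memory stand-in, and all alerts and scores are constructed.
from dataclasses import dataclass, field

# Constructed tables standing in for external tools normally reached over APIs.
THREAT_INTEL = {"203.0.113.50": 90, "198.51.100.7": 40}  # indicator -> reputation
ASSET_CRITICALITY = {"db-01": 3, "laptop-17": 1}         # host -> criticality (1-3)
KNOWN_BENIGN = {"192.0.2.10"}                            # approved internal scanner
BLOCK_THRESHOLD = 200                                    # assumed policy value

@dataclass
class Ticket:
    alert_id: str
    priority: int
    status: str = "open"
    actions: list = field(default_factory=list)

def enrich(alert):
    """Orchestration: pull context for the alert from the integrated tools."""
    return {**alert,
            "reputation": THREAT_INTEL.get(alert["src_ip"], 0),
            "criticality": ASSET_CRITICALITY.get(alert["host"], 1)}

def run_playbook(alert, blocklist):
    """Automation and response: enrich, prioritize, open a ticket, then act."""
    ctx = enrich(alert)
    ticket = Ticket(ctx["id"], priority=ctx["reputation"] * ctx["criticality"])
    if ctx["src_ip"] in KNOWN_BENIGN:
        ticket.status = "closed"                     # repetitive case: auto-close
        ticket.actions.append("auto-closed: allowlisted source")
    elif ticket.priority >= BLOCK_THRESHOLD:
        blocklist.add(ctx["src_ip"])                 # trigger the integrated tool
        ticket.actions.append("blocked " + ctx["src_ip"])
        ticket.status = "pending-analyst-review"     # a human confirms the action
    else:
        ticket.status = "queued-for-analyst"         # ambiguous: leave to a human
    return ticket

def triage(alerts, blocklist):
    """Run the playbook on every alert; return tickets, highest priority first."""
    return sorted((run_playbook(a, blocklist) for a in alerts),
                  key=lambda t: t.priority, reverse=True)

SAMPLE_ALERTS = [  # constructed sample alerts
    {"id": "A1", "src_ip": "192.0.2.10", "host": "laptop-17"},
    {"id": "A2", "src_ip": "203.0.113.50", "host": "db-01"},
    {"id": "A3", "src_ip": "198.51.100.7", "host": "laptop-17"}]
```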