Among the many improvements in cybersecurity technology and tools we’ve seen over the last few years, one of the most significant has been the inclusion of security automation and orchestration capabilities in solution categories beyond SOAR platforms. SIEM providers acquired stand-alone SOAR platforms, and endpoint detection and response (EDR) solutions broadened to include automation and orchestration capabilities to accelerate threat detection and response. So, what’s next?
Previously, I focused on the evolution of automation from a process-driven to a data-driven approach to unlock even greater efficiencies and effectiveness. Here, we’ll take a closer look at how orchestration is evolving and delivering additional benefits.
First, a little level-setting. We tend to talk about orchestration and automation at the same time and use the terms interchangeably, but they are quite different. Automation is about making individual steps (e.g., looking up a domain or blocking a port) happen faster to increase security operations efficiency. Orchestration, by contrast, is about getting multiple systems in the Security Operations Center (SOC) to work together so you can detect, remediate and respond across the infrastructure.