For many organizations, IT security operations are characterized by reactive, “best efforts” postures. However, the increasing frequency, scope, and stakes of major cyberattacks mean that a wider array of organizations are now more likely to suffer a major breach event. At the same time, standards and regulatory frameworks, such as the European Union’s General Data Protection Regulation (GDPR), have increased emphasis on risk-based security practices, while raising penalties for non-compliance. These factors have effectively worked to bring security into the corporate mainstream, requiring proactive, programmatic approaches.
Accomplishing this change requires organizations to find ways to understand and act on multiple large and dynamic fields of information related to IT vulnerabilities, cyber-threats, and their own IT asset inventories. Security orchestration, analytics, and remediation (SOAR) solutions are intended to support these efforts by providing a unified platform combining threat, vulnerability, and operations management with risk scoring and analytics capabilities.
Because the benefits associated with security investments are realized in terms of events that never happen, it can be difficult to clearly identify the potential value contribution of these solutions. For this reason, this report draws on analysis of emerging industry dynamics and case analysis of one organization’s investment in a SOAR platform to significantly improve automation, ensure regulatory compliance, and ultimately reduce the probability of a major breach. This report also offers organizations a quantifiable model for calculating the potential return on investment (ROI) of these SOAR platforms.