Security Orchestration, Automation, and Response (SOAR) Security Considerations Whitepaper Collection

Because of the power Security Orchestration, Automation, and Response (SOAR) brings to network defense, SOAR systems themselves can become an attractive target for adversary compromise. Adopters must therefore take a comprehensive approach to strengthening the security and resilience of a SOAR system. This suite of papers lays out key threats, security considerations, and best practices for adopters of SOAR technology. Also available is a set of one-page summaries of the most important recommended actions from each paper.

  • SOAR Platform and Application Management presents plausible threats and prioritized mitigations for attacks that target the platform hosting and managing the SOAR application.

  • SOAR Credential Management explains security considerations associated with the management and use of the credentials the SOAR system employs to access external systems.

  • SOAR Identity and Access Management addresses access into the SOAR platform or the SOAR application by humans or other systems.

  • SOAR Workflows discusses security considerations pertaining to all phases of the workflow lifecycle.

  • SOAR Operations discusses security considerations associated with monitoring and managing a SOAR application and its supported services.

  • SOAR Audit Recommendations presents information to assist SOAR administrators and operators in establishing appropriate procedures for robust and continuous monitoring of SOAR functions.

Helpful Links

For security considerations related to security orchestration, automation, and response (SOAR), check out SOAR Threat Landscape and Attack Vectors, SOAR Platform and Application Management, SOAR Credential Management, SOAR Identity and Access Management, SOAR Workflows, SOAR Operations, and SOAR Audit Recommendations.