Now you'll want to think about long-term sustainment of your SOAR solution. You know how you prefer to pilot, deploy, and upgrade your capabilities. You are monitoring both the performance and security of your SOAR solutions and use those metrics for planning future improvements. Your personnel are familiar with its operation and continue to come up with improvements and better ways to use them. It's time to think through your long-term needs–how much funding should you include in your budget plans? How frequently will you upgrade? When will you need technology refreshes? Will you need refresher training for your personnel? How will you train new personnel? Which criteria will you use to decide whether you need to pilot new capabilities? How will you identify potential improvements?

Long-term sustainment considerations include process improvement and out-year funding considerations. You probably already have business processes and strategy for handling these.

Helpful Information:

• The High-Benefit/Low-Regret Automated Actions as Common Practice whitepaper can help you decide which processes you might consider automating in the future.
• The ICD Conceptual Reference Model and IACD Baseline Architecture whitepapers can help you identify interoperability requirements and maintain consistency with your broader SOAR architecture.
• The S-PET tool, including the Product Integration tab, can help you evaluate and keep track of resource, maintenance and upgrade requirements, including interoperability with other tools and equipment.
• For ideas from experiences of other SOAR adopters, take a look at Implementer Insights, Operationalization Lessons Learned, and the IACD & FS-ISAC Financial Pilot Results.
• You may also want to consider incorporating more robust metrics and measures described in Security Automation and Orchestration Metrics and Measures.