Ready to Upgrade
Note: Information will continue to be refined as we get feedback, questions, comments and new information. Please send us your thoughts!
After you've successfully deployed a SOAR solution in your environment, you will inevitably discover ways improve it. Do you need to broaden its use and application within your security operations? Do you need to integrate more of your tools and data with your SOAR solution? Do you need a more sophisticated SOAR tool? Do you need to upgrade other tools or data in your environment to improve your SOAR capabilities? How will you roll out your improvements? What training will your personnel need? Does it make sense to pilot your upgrade first before fully deploying it?
Upgrading your SOAR solution should primarily focus on expanding or improving your SOAR capabilities. You probably already have business processes and plans for these types of upgrades.
- The High-Benefit/Low-Regret Automated Actions as Common Practice whitepaper can help you decide which processes you might consider automating next.
- The ICD Conceptual Reference Model and IACD Baseline Architecture whitepapers can help you identify interoperability requirements and maintain consistency with your broader SOAR architecture.
- The S-PET tool, including the Product Integration tab, can help you evaluate and keep track of resource, maintenance and upgrade requirements, including interoperability with other tools and equipment.
- For suggestions from experiences of other SOAR adopters, take a look at Implementer Insights, Operationalization Lessons Learned, and the IACD & FS-ISAC Financial Pilot Results.
- You may also want to incorporate and use more robust metrics and measures described in Security Automation and Orchestration Metrics and Measures.
- If you plan to use or produce Indicators of Compromise (IOCs), the Information Sharing under IACD page as well as the Actionable Information Sharing overview and the AIS Fact Sheet provide more details specific to IOCs.
- If you plan to use or produce other threat information, the Autoimmunity whitepaper and YouTube video can assist in planning your upgrade.