A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts. Which of the following would best enable the reduction in manual work?
A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts. Which of the following would best enable the reduction in manual work?
Security Orchestration, Automation, and Response (SOAR) is designed to automate and streamline security operations, which directly reduces the amount of manual work required by security analysts. SOAR platforms consolidate various data sources and automate routine tasks, allowing analysts to focus on more complex activities. This makes SOAR the most appropriate solution for enhancing the ability of a security operations center to detect threats while minimizing manual effort.
SOAR platforms are designed to automate and streamline security operations
The question doesn't say anything about responding to threats. The focus is on identification. SIEM fits better here...Security information and event management (SIEM) is a security solution that helps organizations detect threats before they disrupt business.
SIEM systems are related with log aggregation and correlation from various sources. SOAR provides automation tools which are going to reduce the amount of manual work for the analysts.
soar sniping
"reduce the amount of manual work" SOAR is automated
i think its a
Its SOAR
Soar is automated making work easier
Key abbreviation in SOAR is Automation.
A Soar SOAR • Security orchestration, automation, and response – Automate routine, tedious, and time intensive activities • Orchestration – Connect many different tools together – Firewalls, account management, email filters • Automation - Handle security tasks automatically • Response - Make changes immediately