Speed Up Your Response Time with SOAR

Security teams spend a great deal of time analysing alerts that do not represent real attacks. When normal, non-threatening activity is mistakenly flagged as malicious, the result is a false positive, and a busy environment can produce thousands of them, each of which still has to be investigated.

If your analysts are constantly evaluating false positives, much of their time is gone before they even get to the legitimate threats. In addition, when no extra context is available about an incoming alert, a lot of time is spent simply classifying it.

Security analysts spend their day in one of these two situations, and both lead to the same outcome: delayed response.

Response Time Matters a Lot — Why?

Time is not always on your side, especially when threats move fast. Every time the response is prolonged, the following become more likely:

  • A breach slips by unnoticed.
  • The attacker's dwell time increases. Dwell time is the window between initial compromise and detection; the longer it is, the more time an attacker has to stage secondary malware, RATs and backdoors, move laterally to other hosts and reach the data they are after. This is where most of the damage in a compromise is done.

Time to Assess — 00:30:04

The following image (not reproduced here) depicts a typical day of a security analyst: the activities involved in analysing a single alert and the approximate time each one takes.

Added up, those steps explain why, by the end of the day, analysts still have not reached the finish line, which is actually responding to the alerts. After all, that is what they set out to do.

The absence of security automation and orchestration leads to prolonged response time.

For instance, where investigating an alert through a traditional SIEM can take about 30 minutes, with security orchestration, automation and response (SOAR) the same investigation can be reduced to a matter of seconds, because the enrichment and validation steps run automatically before an analyst is involved. Here's how (the image of the automated workflow is not reproduced here):

That streamlined method of detecting and responding to cyber threats is what SOAR makes possible. Needless to say, the current cyber security landscape calls for security orchestration and automation, and a lot of it.

Make way for SOAR in your organisation if you believe in shorter investigations and accurate decisions.

How does SOAR help?

According to RSA's Threat Detection Effectiveness Survey:

  • 90% of organisations say they are unsatisfied with their response speed.
  • 75% of organisations say they are unsatisfied with their current ability to detect and investigate threats.

SOAR reduces response time by as much as 60% by making the best use of two things: threat intelligence and playbooks.

Threat intelligence: it brings attacks from a variety of sources into full view by attaching relevant context to each event before an analyst ever looks at it. Most routine security checks in your organisation can be automated. For example, when an alert arrives, a basic validation check can be run against VirusTotal (which aggregates results from over 70 antivirus engines and URL/domain blocklisting services) to see whether the indicator, typically a file hash, URL, domain or IP address, is already known bad. Two caveats apply: look up hashes rather than uploading files, since an uploaded sample may contain sensitive data and is shared with VirusTotal's partners, and treat zero detections as "unknown" rather than "benign", because a fresh or targeted sample will have none.

Playbooks: they outline the steps needed to respond successfully to an incident. Through playbooks and pre-defined workflows, SOAR helps any security team to quickly investigate, triage and remediate incidents in line with best practice. Every automated step saves time, so more alerts can be handled in the same amount of time without having to grow the team.
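As an added example (not DNIF's code, nor anything from the factsheet), here is a minimal triage playbook in Python that does both of the things just described: it enriches each alert's file hash through a VirusTotal lookup, then applies a fixed decision policy so that only alerts the policy cannot settle reach an analyst. The live lookup uses VirusTotal's real v3 file endpoint and x-apikey header, but the sample alerts, the offline lookup table, the alert field names, and the thresholds (5 engines for known-bad, 40 reporting engines before trusting "no detections") are constructed assumptions.

```python
"""
SOAR-style triage playbook (added example; not DNIF's product code).

Each alert's file-hash indicator is enriched with a threat-intelligence lookup
and a fixed decision policy is applied, so only alerts the policy cannot settle
reach an analyst.  Sample alerts and the offline lookup table are constructed.
"""
import json
import urllib.error
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"   # real VT v3 endpoint

# Decision policy (assumed values; tune for your environment).
MALICIOUS_THRESHOLD = 5     # engines flagging the hash before it is "known bad"
MIN_ENGINES_FOR_CLEAN = 40  # trust "no detections" only when this many engines reported


def vt_lookup_live(sha256, api_key):
    """Hash-only lookup against VirusTotal v3 (the file itself is never uploaded).

    Returns the last_analysis_stats dict, or None when VirusTotal has never
    seen the hash (HTTP 404).  Needs network access and an API key.
    """
    req = urllib.request.Request(VT_FILES_URL + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise
    return body["data"]["attributes"]["last_analysis_stats"]


# Constructed responses shaped like VirusTotal's last_analysis_stats object.
OFFLINE_TI = {
    "a" * 64: {"malicious": 58, "suspicious": 2, "harmless": 0, "undetected": 10},
    "b" * 64: {"malicious": 2, "suspicious": 0, "harmless": 0, "undetected": 68},
    "c" * 64: {"malicious": 0, "suspicious": 0, "harmless": 12, "undetected": 60},
    "d" * 64: {"malicious": 0, "suspicious": 0, "harmless": 0, "undetected": 3},
}


def vt_lookup_offline(sha256, api_key=None):
    """Stand-in for vt_lookup_live so the playbook runs without network access."""
    return OFFLINE_TI.get(sha256)


def classify(stats):
    """Map analysis stats to one of: known_bad, suspicious, likely_clean, unknown."""
    if stats is None:
        return "unknown"          # never seen by VT: absence of evidence, not evidence of absence
    malicious = stats.get("malicious", 0)
    reported = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "harmless", "undetected"))
    if malicious >= MALICIOUS_THRESHOLD:
        return "known_bad"
    if malicious > 0 or stats.get("suspicious", 0) > 0:
        return "suspicious"
    if reported >= MIN_ENGINES_FOR_CLEAN:
        return "likely_clean"
    return "unknown"              # too few engines looked at it to call it clean


ACTIONS = {
    "known_bad":    "escalate: isolate host, open incident",
    "suspicious":   "analyst: needs human triage",
    "unknown":      "analyst: needs human triage",
    "likely_clean": "auto-close: record enrichment, no ticket",
}


def triage(alert, lookup, api_key=None):
    """Run one alert through the playbook; return the enriched disposition."""
    sha256 = alert.get("sha256", "")
    if len(sha256) != 64 or any(ch not in "0123456789abcdef" for ch in sha256):
        stats, disposition = None, "unknown"   # malformed or missing indicator: do not guess
    else:
        stats = lookup(sha256, api_key)
        disposition = classify(stats)
    return {"id": alert["id"], "disposition": disposition,
            "action": ACTIONS[disposition], "stats": stats}


def run_playbook(alerts, lookup, api_key=None):
    """Triage a batch of alerts; return per-alert results and a disposition count."""
    results = [triage(a, lookup, api_key) for a in alerts]
    summary = {}
    for r in results:
        summary[r["disposition"]] = summary.get(r["disposition"], 0) + 1
    return results, summary


SAMPLE_ALERTS = [  # constructed alerts; field names are assumptions
    {"id": "A-1", "host": "ws-014", "sha256": "a" * 64},
    {"id": "A-2", "host": "ws-022", "sha256": "b" * 64},
    {"id": "A-3", "host": "ws-031", "sha256": "c" * 64},
    {"id": "A-4", "host": "ws-040", "sha256": "d" * 64},
    {"id": "A-5", "host": "ws-057", "sha256": "e" * 64},   # hash VT has never seen
    {"id": "A-6", "host": "ws-063", "sha256": "not-a-hash"},
]

if __name__ == "__main__":
    results, summary = run_playbook(SAMPLE_ALERTS, vt_lookup_offline)
    for r in results:
        print(f"{r['id']}: {r['disposition']:12} -> {r['action']}")
    print("summary:", summary)
```

Run as-is and three of the six alerts are settled without an analyst (one escalated, one auto-closed, and the rest routed to a person); swap vt_lookup_offline for vt_lookup_live and an API key to query VirusTotal for real. The policy deliberately sends "never seen" and "too few engines" cases to an analyst rather than closing them, which is the part of the workflow that most often goes wrong when automation is tuned purely for speed.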

Introducing SOAR capabilities into your business is the beginning of quick decision making and response. Security orchestration and automation significantly improve incident response management, not only by reducing mean time to resolution (MTTR) but also by freeing up time for security teams to concentrate on more critical tasks. DNIF presents a factsheet which explains the working of SOAR through the cyber security pipeline and also reveals proven strategies which speed up response.




The “Open” Big Data Analytics platform that offers solutions to the world’s most challenging cyber security problems with real-time data analytics.