Battle SOAR vs XDR. Who won?

As the title suggests, this article focuses on two technologies, SOAR and XDR, whose main purpose is to help information security specialists counter the most complex threats, APTs and targeted attacks.





Before reasoning about which technology will take the dominant position in the information security market in the near future, let's first look at what each one is and which companies it suits best.





SOAR is the next step in the evolution of SIEM systems. It orchestrates and automates management processes for heterogeneous information security and IT systems from different manufacturers, and provides incident response through pre-prepared response plans (playbooks) without the need to switch between different consoles.





SOAR suits organizations with mature information security processes that prefer to orchestrate an unlimited number of systems from different vendors from a single point, automating processes as much as possible. At the same time, it requires heavy involvement from information security experts.





XDR - EDR . ( , , , .), , , , .





XDR , - , .





Security Operations Gartner 2020 , , XDR SOAR , , . , XDR SOAR.





, .





? , , . SOAR XDR , XDR , .





At the same time, XDR has all the technological capabilities to strengthen, over time, its interaction with third-party solutions and catch up with the other strengths of SOAR. That would simplify management of the information security infrastructure not only within the framework of a single vendor, but also across the various third-party tools that organizations run in their infrastructure, to achieve a comprehensive strategy against today's rapidly growing threat landscape.





In general, I personally bet on XDR and its bright future.





What are your thoughts?







