SOAR Allows Cybersecurity Talent to Focus on Highest Value Tasks

Security Orchestration, Automation and Response (SOAR) frees analysts from rote but necessary work, allowing them to focus on complex analysis.

The cybersecurity industry needs relief — and it may be here, thanks to SOAR technology.

In 2018, the cybersecurity workforce gap reached 2.9 million globally, according to a 2018 study, with a shortage of almost half a million skilled personnel in North America alone. At the same time, cyber threats continue to grow in sophistication and cost, leading to billion in losses annually.

Because of the shortage, the current cybersecurity workforce faces high-stress, fast-paced, non-stop demands and extreme workloads. Repetitive and routine tasks — such as monitoring alerts, creating tickets and tracking incidents — consume too much of their time, time that would be far better spent on more involved and sophisticated tasks associated with defending networks and systems.

Now, however, much of that rote, repetitive work can be automated, thanks to Security Orchestration, Automation and Response, or SOAR, technology. The capabilities and uses for SOAR are nearly limitless.

A SOAR platform uses APIs or monitors log activity to identify potentially malicious activity. When activity meets the criteria — say a phishing email with a malware attachment — the SOAR platform sends the email attachment to a malware analysis platform, notifies the team, ingests the results of the malware analysis, and then lets the team know if indicators are found on the network. All of this is done using playbooks built around an organization’s unique operational and business needs.
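The phishing playbook described above, sketched as an added Python example (not Rackspace's code or any SOAR product's API). The sandbox, log store and notifier are in-memory stand-ins, and every name, host, address and log line is constructed for illustration.

```python
# Added illustration: all data is constructed; the "integrations" are in-memory
# stand-ins for a real malware sandbox, team chat and network log store.
import hashlib

ATTACHMENT = b"constructed sample attachment bytes"
# Constructed sandbox verdicts, keyed by attachment SHA-256.
SANDBOX_DB = {
    hashlib.sha256(ATTACHMENT).hexdigest(): {
        "malicious": True,
        "indicators": {"domain": ["updates.example.net"], "ip": ["203.0.113.45"]},
    }
}
# Constructed proxy/DNS log lines: "<timestamp> <host> <destination>"
NETWORK_LOGS = [
    "2019-03-01T09:14:02Z ws-0141 intranet.example.com",
    "2019-03-01T09:15:40Z ws-0207 updates.example.net",
    "2019-03-01T09:16:11Z ws-0207 203.0.113.45",
    "2019-03-01T09:20:00Z ws-0033 198.51.100.7",
]

def detonate(attachment):
    """Submit the attachment for malware analysis and ingest the verdict."""
    sha256 = hashlib.sha256(attachment).hexdigest()
    return SANDBOX_DB.get(sha256, {"malicious": False, "indicators": {}})

def hunt(indicators, logs):
    """Map each host to the indicators its traffic matched."""
    wanted = {value for values in indicators.values() for value in values}
    hits = {}
    for line in logs:
        _timestamp, host, destination = line.split()
        if destination in wanted:
            hits.setdefault(host, []).append(destination)
    return hits

def phishing_playbook(alert, logs, notify):
    """Analyze, notify, then search the network; clean attachments close early."""
    verdict = detonate(alert["attachment"])
    notify(f"Attachment from {alert['sender']} analyzed")
    if not verdict["malicious"]:
        notify("Attachment clean, closing alert as false positive")
        return {"status": "closed", "hits": {}}
    hits = hunt(verdict["indicators"], logs)
    notify(f"Malicious attachment; indicators seen on: {sorted(hits) or 'no hosts'}")
    return {"status": "escalate" if hits else "no_hits", "hits": hits}

if __name__ == "__main__":
    alert = {"sender": "billing@example.org", "attachment": ATTACHMENT}
    print(phishing_playbook(alert, NETWORK_LOGS, print))
```

The analyst only sees the two notifications and the final host list; the hashing, lookup and log search happen without a ticket being opened by hand.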

SOAR technologies can be integrated with existing security tools, configured with playbooks and enabled to act on events and activities, meaning normal workflows like intel gathering, activity correlation and identifying false positive alerts can be automated. This frees up analysts to focus on more complex tasks, those that require critical thinking and interpretation, and reduces the workforce shortage burden.

Surprisingly, SOAR technologies haven’t yet received the attention they deserve. At cybersecurity conferences, the focus continues to be on tools — tools that generate more logs, more notifications, more alerts. Security teams need tools, of course. But what they really need is to automate repetitive and remedial tasks, to focus on pertinent investigations and reduce alert fatigue.

Resistance to these new technologies appears to come from a variety of sources, including security professionals worried that the businesses they support could see this as a way to downsize their security teams.

This is an understandable concern, but automation in every other sector has actually increased work roles and pay for advanced positions. The human element of cybersecurity must be protected; we will always need people to think critically and respond in ways machines can’t. SOAR should be thought of as a force multiplier, not a force reduction technology.

Rackspace is incorporating SOAR to enhance our security operations and capabilities. Utilizing SOAR allows our security professionals to do what they do best: think critically and hunt threats while automation handles the everyday minutiae that can slow operations.

If you’d like to learn more about how Rackspace is using SOAR technologies, or how your business can leverage a Managed Security Service Provider like Rackspace to provide 24×7 cybersecurity expertise to support your business operations, reach out to our security experts.


Chris Evans is a Senior Cybersecurity Architect with Rackspace. He has been fulfilling his passion for securing environments since 2006, with experience in IT, network engineering, security operations, security architecture, and management of technical teams and capabilities. In his current role, Chris architects managed security operations, ensuring Rackspace’s customers are secured now and prepared for the future. Prior to his civilian cybersecurity career, Chris spent 10 years in the military, defending networks from Advanced Persistent Threats, and managing security operations teams across all levels. You can follow Chris on LinkedIn at

