← All glossary terms Glossary

What is Security Orchestration, Automation, and Response (SOAR)?

Tooling that automates repetitive parts of investigation and response — like enriching alerts or isolating endpoints.

Security Orchestration, Automation, and Response (SOAR) platforms let security teams automate the repetitive parts of their workflow: enriching an alert with threat intelligence, looking up which user owns an affected device, isolating an endpoint, or opening a ticket. SOAR is usually layered on top of a SIEM. For most organizations, the automation embedded in an MDR service replaces what a dedicated SOAR platform would otherwise do.

Keep learning

Related terms

Multi-Factor Authentication (MFA)

A sign-in security control that requires something beyond a password — typically a phone, security key, or app prompt.

Read definition →

Phishing

Fraudulent messages — by email, text, or phone — designed to trick someone into giving up credentials, money, or access to your systems.

Read definition →

Ransomware

Malicious software that encrypts your data and demands payment for the key — often combined with data theft and extortion.

Read definition →

Zero Trust

A security model that trusts no user or device by default — even inside the corporate network — and verifies every access request continuously.

Read definition →

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team