Security Orchestration Roadmap

by | Nov 8, 2018 | Blog

Security orchestration, automation and response (SOAR) solutions are gaining visibility, and security and risk management leaders should start to evaluate how these solutions can support and optimize their broader security operations capabilities.

Read below our recommended roadmap on how security professionals should approach SOAR.

Phase I

Initial assessment and strategy recommendations


Analysis of current SIEM infrastructure to identify or generate

  • A list of currently used logs sources and extracted fields.
  • Completeness of required log sources per logs source type.
  • Data exploration analysis and determination of relevant cybersecurity features.
  • Customized parsing for field extraction on incorrectly configured log sources.
  • Implementation of dashboards to monitor performance of current log sources.

SIEM Infrastructure improvements and optimization recommendations, including

  • How to reduce operational cost by detecting collection of unnecessary logs and data transmission mechanisms.
  • Use cases that align with the Cybersecurity strategy by leveraging expertise in both security and data science expertise in combination with available log sources
  • Data collection strategies to improve Cybersecurity visibility

Phase II

Strategy implementation

  • Implement optimization recommendations to reduce operational cost.
  • Mapping of Splunk (or any SIEM tool) add-ons to data sources.
  • Collect asset and identity information for enrichment and correlation.
  • Deploy add-ons to forwarders and indexers.
  • Data model’s configuration and acceleration search load.
  • Implementation of lookup tables for data enrichment, operational alerts, dashboards and alerts for required use cases, dashboards, and reports to visualize security performance metrics.

Phase III

Machine Learning

    • Apply machine learning algorithms for data classification and exploratory analysis, including, cluster analysis, decision trees and PCA
    • Based on findings and business requirements, implement anomaly detection algorithms to identify useful insights from data
    • Reduce number of security alerts by using machine learning algorithms including clustering and automatic classification
    • Implement machine learning to detect anomalies on metrics

Security Orchestration can act as the glue that will connect the people, processes, and technology of your security program together so that you can achieve maximum efficiency. Advoqt provide your business with a solution in place, allowing your tech department to actively respond to threats faster than ever before.

Want to see for yourself? Contact us.



Sign up to our monthly newsletter, and stay up to date with the latest cybersecurity trends!


  • Should be Empty:


Related content