Alert-Centric vs Threat-Centric
After years of investing in best-of-breed detection and SIEM tools, security operations centers are buried in alerts, giving rise to interest in security orchestration, automation, and response (SOAR) technologies.
Not unlike other security solution categories, many of the vendors in the SOAR space tout similar, if not the exact same, benefits.
- Reduced alert fatigue
- Automated processes
- Repeatable investigation and response workflows
Where SOAR vendors differ is how they deliver, or attempt to deliver, their value. While user interfaces differ, and investigation capabilities may vary, at the core a SOAR solution is either alert-centric or threat-centric.
This short video details the difference between these two approaches and their downstream impacts on the SOAR solution and the analysts who use it.