Corporate IT Cyber Security
Security Orchestration and Automated Response (SOAR)
Behind-the-scenes processing of your critical cyber security data.
Helping SOC analysts respond lightning-fast to potential threats.
SOAR is a key component—indeed, the beating heart—of our Security Operations Centre (SOC) service.
With deep integration with SIEM, it acts as a central system that ingests security alerts from Sentinel to process and enrich the data—giving our SOC analysts the most up-to-date and relevant information for positive and accurate incident triage.
The scale afforded by the SOAR platform offers repeatable and predictable outcomes, while its extensibility enables continual improvement to even deeper data analysis to correlate and enhance incident response.
Why use Security Orchestration and Automated Response (SOAR)?
Deep context about incidents through integration with the Peloton ecosystem
Entity enrichment from trusted threat intel sources gives SOC analysts an at-a-glance view of an incident’s severity
Rapid response for high-criticality events, including disabling user accounts or shutting down network connections at the edge
What to expect with Peloton SOAR
Integral to every SOC service, SOAR acts as a behind-the-scenes integration.
You will host an on-premises appliance that hooks directly back to the SOAR platform. This provides the environmental context for automated or semi-automated response scenarios. Incident data gets enriched by the threat intel—for example, things like IP addresses, URLs, and domains are assessed for their individual risk levels.
When incidents are escalated to you, we provide you with the most meaningful data and context to help you make strategic security and business decisions.
The Peloton difference
Granular analysis
Peloton’s deep integration with other services provides unprecedented correlation to risk factors that would otherwise slip under the radar. By surfacing the most at-risk technical systems or individual identities, SOAR gives SOC analysts the data they need to make informed and accurate decisions when actioning alerts.
Authority to act
By enabling authority to act using the automation tools and client-side integration, otherwise innocuous incidents are stopped in their tracks before they turn into a full cyber breaches.
Continuous improvement
Fast response times and a positive feedback loop for tuning the SIEM detections ensures the continual improvement of the platform, which in turn increases your security posture.
Frequently Asked Questions
SOAR stands for Security Orchestration, Automation and Response. It’s a technical platform which underpins and enables the core functionality of the SOC. It ingests security alerts and incidents from the SIEM for security analysts to triage and remediate with clients.
The SOAR acts as a central point in connecting multiple data sources taking varied inputs from each, then manipulating, transforming and enriching the data to provide the SOC with high quality information about security incidents. This allows a lower barrier to triage by presenting the most relevant information possible.
The SOAR allows the SOC to have greater operational leverage by automating tasks that would otherwise have to be completed manually. The automation of incident ingestion, data parsing and correlation, entity enrichment and automated analysis reduces the human effort required by orders of magnitude. This allows the SOC analysts to focus on the most important tasks of triaging and handling incidents.
