Frequently asked questions

Get answers to the most commonly asked questions about IBM Security SOAR.

Getting started with this product

What is SOAR?

As defined by Gartner, Security Orchestration, Automation, and Response (SOAR) tools allow security teams to take inputs from a variety of sources and apply workflows aligned to previously defined processes and procedures. SOAR technologies introduce efficiency to security operations by enhancing activities like threat detection and response, and by keeping people and processes consistent. Read the 2020 Gartner Market Guide on SOAR to learn more.

What is IBM Security SOAR?

IBM Security SOAR is the leading platform for orchestrating and automating incident response processes with unique automation, reporting, and privacy capabilities, and numerous integrations with other security and IT tools. Today, numerous SOCs and Fusion centers rely on IBM Security SOAR to form their incident response hub - the center of their SOC.

What is an incident response playbook?

A playbook is a set of tasks or workflow(s), which may or may not be automated, associated with a specific threat type. It determines the organizational response to a type of threat and guides analysts through the investigation and remediation process, therefore improving consistency and reducing time to respond. IBM Security SOAR playbooks are unique as they are dynamic and additive, which means that they evolve with an incident as new information is uncovered. Read the white paper on Playbook Driven Cyber Security.

What is a workflow?

A workflow codifies and describes a specific set of tasks or actions around a particular security process. A playbook is made up of one or multiple workflows. To get up-to-speed on SOAR read our white paper "How to Be a SOAR Winner".

What is security orchestration?

Orchestration refers to the ability of a SOAR platform to integrate with other security tools through defined connectors. Once these disparate security tools are integrated, a SOAR platform such as IBM Security SOAR can execute a wider orchestration of people, technologies, and processes to respond to security incidents efficiently and effectively. To find other definitions of SOAR terminology read our white paper "How to Be a SOAR Winner".

Is a SOAR tool right for me?

To fully optimize a SOAR platform such as IBM Security SOAR, a company needs to understand and evaluate its internal processes to assess whether automation will provide the intended benefits, and it needs the internal skills to customize and leverage the platform on an ongoing basis.

Where can I download applications to build an integration ecosystem for IBM Security SOAR?

There are more than 160 IBM Validated and supported applications, and Community applications that can be integrated with IBM Security SOAR. You can download these applications from the IBM App Exchange, where new applications are being added regularly.

What is IBM Security SOAR with Privacy?

IBM Security SOAR with Privacy allows security teams to integrate privacy reporting tasks and deadlines into their overall incident response playbooks, and to work together with their privacy and legal teams to address regulatory requirements. It also helps organizations maintain a single, auditable record of all aspects of their breach response.

Which regulations are supported by IBM Security SOAR with Privacy?

At the heart of IBM Security SOAR with Privacy is the Global Knowledgebase, which is a regularly updated database that supports over 170 breach notification regulations globally, including GDPR, PIPEDA, HIPAA, and CCPA, among others. Read the data sheet for more information.

What is the MSSP Add-On?

It is a capability of IBM Security SOAR designed to meet the specific requirements of Managed SIEM and MDR providers. It delivers the scalability and predictability that Service Providers need to grow their security business. Read the solution brief for more information.

Does IBM Security SOAR integrate with IBM Security QRadar?

Yes, by integrating IBM Security SOAR with a SIEM, such as IBM Security QRadar, you can build out a complete threat management solution that covers detection, investigation, and remediation of threats across a wide range of cybersecurity use cases. Read the solution brief for more information.

Does IBM Security SOAR integrate with IBM Security Verify?

Yes, the Security Verify Functions for SOAR application allows you to act on user status from SOAR workflows and it updates the incident with results. Download the app from the App Exchange.

Does IBM Security SOAR integrate with IBM Security MaaS360?

Yes, the MaaS360 Functions for IBM SOAR application allows you to perform certain Mobile Device Management (MDM) actions using MaaS360. Download the app from the App Exchange.

Support

How is IBM Security SOAR deployed?

IBM Security SOAR can be deployed on-premises or in the cloud (SaaS). It is also available as part of Cloud Pak for Security (on-premises).

Is there a community for IBM Security SOAR users and developers?

Yes, IBM Security SOAR has a dedicated space within the IBM Security Community. It is free to join and open to everyone. The community offers a constant stream of freshly updated content, including featured blogs, release updates, and forums for discussion and collaboration. Join the community!

Other common questions

What is Cloud Pak for Security?

IBM Cloud Pak for Security is a platform comprised of containerized software pre-integrated with Red Hat OpenShift. It connects to your existing security tools, and through open standards, it allows you to search for threat indicators across your hybrid, multicloud environment.

Can IBM Security SOAR be deployed through Cloud Pak for Security?

Yes, IBM Security SOAR can be deployed through Cloud Pak for Security. As part of Cloud Pak for Security, SOAR seamlessly integrates with Data Explorer and Threat Intelligence Insights.
