What is Security Orchestration?

Security orchestration is a method of integrating and streamlining workflows across disparate tools to improve both security analyst efficiency and threat detection and response.

Modern security operation centers (SOCs) typically use dozens of security tools to detect, investigate and remediate threats. More often than not, these tools do not "talk" to one another, but require security teams to learn a variety of systems and navigate multiple dashboards to do their jobs effectively. Security orchestration addresses such challenges by integrating these tools and creating a more efficient threat detection and response workflow that typically requires input from each tool. Security orchestration is one part of a complete security orchestration, automation and response (SOAR) solution.