Open Access

ARTICLE

AI/ML in Security Orchestration, Automation and Response: Future Research Directions

by Johnson Kinyua¹, Lawrence Awuah^2,*

1 College of Information Sciences and Technology, Pennsylvania State University, State College, PA 16801, USA
2 Department of Cybersecurity, University of Maryland Global Campus, Adelphi, MD 20783, USA

* Corresponding Author: Lawrence Awuah. Email:

(This article belongs to the Special Issue: Humans and Cyber Security Behaviour)

Intelligent Automation & Soft Computing 2021, 28(2), 527-545. https://doi.org/10.32604/iasc.2021.016240

Received 28 December 2020; Accepted 28 January 2021; Issue published 01 April 2021

Abstract

Today’s cyber defense capabilities in many organizations consist of a diversity of tools, products, and solutions, which are very challenging for Security Operations Centre (SOC) teams to manage in current advanced and dynamic cyber threat environments. Security researchers and industry practitioners have proposed security orchestration, automation, and response (SOAR) solutions designed to integrate and automate the disparate security tasks, processes, and applications in response to security incidents to empower SOC teams. The next big step for cyber threat detection, mitigation, and prevention efforts is to leverage AI/ML in SOAR solutions. AI/ML will act as a force multiplier empowering SOC analysts even further. We conducted a detailed survey by studying work by both security researchers and industry practitioners on SOAR, including its interpretations, from an AI/ML perspective by reviewing works published in academic journals, conferences, websites, blogs, white papers, etc. (a multi-vocal view). We report on our findings and future research directions in this area.

---

Keywords

---

Citations