AI/ML in security orchestration, automation and response: Future research directions

Abstract

Today’s cyber defense capabilities in many organizations consist of a diversity of tools, products, and solutions, which are very challenging for Security Operations Centre (SOC) teams to manage in current advanced and dynamic cyber threat environments. Security researchers and industry practitioners have proposed security orchestration, automation, and response (SOAR) solutions designed to integrate and automate the disparate security tasks, processes, and applications in response to security incidents to empower SOC teams. The next big step for cyber threat detection, mitigation, and prevention efforts is to leverage AI/ML in SOAR solutions. AI/ML will act as a force multiplier empowering SOC analysts even further. We conducted a detailed survey by studying work by both security researchers and industry practitioners on SOAR, including its interpretations, from an AI/ML perspective by reviewing works published in academic journals, conferences, websites, blogs, white papers, etc. (a multi-vocal view). We report on our findings and future research directions in this area.

Kinyua, J., & Awuah, L. (2021). AI/ML in security orchestration, automation and response: Future research directions. Intelligent Automation and Soft Computing, 28(2), 527–545. https://doi.org/10.32604/iasc.2021.016240