Abstract:
In every SOC team, a shift starts with hundreds, sometimes thousands, of alerts, and with even more during cyber incidents. In traditional SOC environments, most of these alerts need manual analysis and verification before action is taken. We live in the age of automation and AI, which SOC teams and attackers alike can use. When an attack is conducted with AI tools and automation, this can lead to a shorter response time [1]. Nowadays, there is a shortage of IT personnel everywhere, especially of those with adequate knowledge. SOC teams face the same personnel issue. The situation is even worse in 24/7 environments [2]. Night shifts are the hardest: false positives come up, people are tired because they normally sleep at these hours, and real threats sometimes go unnoticed. Traditional tools, such as SIEM, IPS/IDS, and EDR, are still part of every SOC and continue to detect threats, but cyber analysts must still perform most response steps by hand [3]. SOAR platforms address this reliance on manual work. They connect to traditional SOC tools and leverage their data to automate repetitive tasks (such as IP reputation checks, WHOIS lookups, and hash verifications). In addition, SOAR introduces structure into incident response processes. In this way, security analysts have more time to do other work. This paper examines the advantages and consequences of adopting SOAR in a SOC, including process efficiency, process standardization, and expandability. It also discusses automation risks that are often not covered in vendor manuals [4]. Using SOAR can greatly reduce response time, sometimes by nearly half. Initial deployment typically takes several months (3-6). The most important benefit for analysts is that they lose less time on repetitive tasks. The size of this benefit depends mostly on how well traditional SOC tools were prepared for integration with the SOAR platform and how well the integration went.
CITATION:
IEEE format
B. Stojanović, M. Premović, I. Petrović, “Advantages of SOAR in Comparison to Traditional Security Solutions,” in Sinteza 2025 - International Scientific Conference on Information Technology, Computer Science, and Data Science, Belgrade, Singidunum University, Serbia, 2026, pp. 117-122. doi:10.15308/Sinteza-2026-117-122
APA format
Stojanović, B., Premović, M., Petrović, I. (2026). Advantages of SOAR in Comparison to Traditional Security Solutions. Paper presented at Sinteza 2025 - International Scientific Conference on Information Technology, Computer Science, and Data Science. doi:10.15308/Sinteza-2026-117-122