Administrators find they are repeating the same steps to verify intrusion detection system alerts and perform more repetitive steps to mitigate well-known attacks. Of the following choices, what can automate these steps?

1) Security Orchestration, Automation and Response (SOAR)
2) Security Information and Event Management (SIEM)
3) Network Intrusion Detection System (NIDS)
4) Data Loss Prevention System

1 Answer


Final answer:

Security Orchestration, Automation and Response (SOAR) is the tool that can automate the process of verifying intrusion detection system alerts and mitigate well-known attacks, improving efficiency and reducing human error.

Step-by-step explanation:

To automate the steps of verifying intrusion detection system alerts and mitigating well-known attacks, the correct choice is Security Orchestration, Automation and Response (SOAR). SOAR platforms allow organizations to collect security threat data from different sources and automate responses to low-level threats. This is essential for improving the efficiency of security operations by reducing the cognitive load on security personnel, thus decreasing the likelihood of errors, as demonstrated in the study by Bruno & Abrahão (2012) regarding the impact of high volumes of decisions on operators in a banking institution's security center.

Security Information and Event Management (SIEM) is also relevant as it provides real-time analysis of security alerts generated by applications and network hardware. However, unlike SOAR, SIEM systems do not automate responses. Network Intrusion Detection Systems (NIDS) and Data Loss Prevention Systems are more focused on detection and protection respectively, and do not offer automated response capabilities comparable to SOAR.

answered by VivekParamasivam (7.4k points)
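The answer above describes what a SOAR platform does in the abstract: collect alert data, verify it against other sources, and run a canned response for well-known attacks. The following Python script is an added illustration of that loop, not code from the original post or from any real SOAR product. It reads constructed Suricata EVE-style alert records, enriches each one against an invented threat-intel list and an invented allowlist of authorised internal scanners, decides whether the alert is a false positive, needs an analyst, or is confirmed, and for confirmed alerts with a known playbook calls a stub firewall integration. The field names, IP addresses, signature names, and the `FirewallStub` class are all assumptions made for the example.

```python
"""Minimal SOAR-style playbook: verify IDS alerts, then auto-respond to well-known attacks.

Constructed illustration: the sample alerts, intel list, allowlist and firewall stub
are all invented for this example and stand in for real integrations.
"""
import ipaddress
import json
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed Suricata EVE-style alert records (one JSON document per line).
# Field names loosely follow the EVE format; every value is made up.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-05-01T10:00:00Z","src_ip":"203.0.113.45","dest_ip":"10.1.2.3","dest_port":22,'
    '"alert":{"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-05-01T10:00:05Z","src_ip":"10.0.0.9","dest_ip":"10.1.2.4","dest_port":22,'
    '"alert":{"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-05-01T10:00:09Z","src_ip":"198.51.100.7","dest_ip":"10.1.2.5","dest_port":80,'
    '"alert":{"signature":"ET WEB_SERVER Possible SQL Injection Attempt","category":"Web Application Attack","severity":1}}',
    '{"timestamp":"2024-05-01T10:00:12Z","src_ip":"198.51.100.8","dest_ip":"10.1.2.5","dest_port":80,'
    '"alert":{"signature":"ET INFO Some Noisy Rule","category":"Not Suspicious Traffic","severity":3}}',
    '{"timestamp":"2024-05-01T10:00:15Z","src_ip":"203.0.113.45","dest_ip":"10.1.2.6","dest_port":22,'
    '"alert":{"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-05-01T10:00:20Z","src_ip":"192.0.2.77","dest_ip":"10.1.2.7","dest_port":8080,'
    '"alert":{"signature":"ET EXPLOIT Unrecognised Exploit Attempt","category":"Attempted Administrator Privilege Gain","severity":1}}',
]

# Constructed enrichment sources; a real SOAR pulls these from integrations.
THREAT_INTEL_IPS = {"203.0.113.45"}                                # known-bad sources (invented)
INTERNAL_SCANNER_NETS = [ipaddress.ip_network("10.0.0.0/24")]      # authorised vuln scanners (invented)
# Well-known attack signatures mapped to the canned response each one gets.
KNOWN_ATTACK_PLAYBOOKS = {
    "ET SCAN Potential SSH Scan": "block_source",
    "ET WEB_SERVER Possible SQL Injection Attempt": "block_source",
}


@dataclass
class Decision:
    src_ip: str
    signature: str
    verdict: str                      # "false_positive", "needs_analyst" or "confirmed"
    reasons: List[str] = field(default_factory=list)
    action: Optional[str] = None      # set only for confirmed alerts


class FirewallStub:
    """Stand-in for a firewall/EDR integration; records blocks instead of calling an API."""

    def __init__(self) -> None:
        self.blocked: List[str] = []

    def block(self, ip: str) -> bool:
        # Idempotent: the same attacker triggering many alerts must not create duplicate work.
        if ip in self.blocked:
            return False
        self.blocked.append(ip)
        return True


def verify_alert(alert: dict) -> Decision:
    """The 'verify' half of the loop: enrich the alert and classify it."""
    src = alert["src_ip"]
    sig = alert["alert"]["signature"]
    sev = alert["alert"]["severity"]
    d = Decision(src_ip=src, signature=sig, verdict="needs_analyst")

    # Suppress alerts caused by our own authorised scanners.
    if any(ipaddress.ip_address(src) in net for net in INTERNAL_SCANNER_NETS):
        d.verdict = "false_positive"
        d.reasons.append("source is an authorised internal scanner")
        return d
    # Severity 3 is informational in this constructed scheme; drop it from the queue.
    if sev >= 3:
        d.verdict = "false_positive"
        d.reasons.append("informational severity")
        return d
    if src in THREAT_INTEL_IPS:
        d.reasons.append("source on threat-intel list")
    if sig in KNOWN_ATTACK_PLAYBOOKS:
        d.reasons.append("signature has a canned playbook")
    if d.reasons:
        d.verdict = "confirmed"
        # Known attack: run its playbook. Intel hit on an unknown signature: just open a ticket.
        d.action = KNOWN_ATTACK_PLAYBOOKS.get(sig, "open_ticket")
    return d


def run_playbook(eve_lines: List[str], firewall: FirewallStub) -> List[Decision]:
    """The 'respond' half: act on confirmed alerts, leave the rest for a human."""
    decisions = []
    for line in eve_lines:
        d = verify_alert(json.loads(line))
        if d.verdict == "confirmed" and d.action == "block_source":
            firewall.block(d.src_ip)
        decisions.append(d)
    return decisions


if __name__ == "__main__":
    fw = FirewallStub()
    for d in run_playbook(SAMPLE_EVE_LINES, fw):
        print(f"{d.src_ip:15} {d.verdict:15} {d.action or '-':13} {'; '.join(d.reasons)}")
    print("blocked:", fw.blocked)
```

Two details carry the security point of the answer: the allowlist check runs before anything else, so the automation cannot block the organisation's own scanners, and the alert with an unrecognised signature is never auto-actioned, only escalated, which keeps the automation confined to the well-known attacks the question describes.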