中圖分類號： TP309
文獻標識碼： A
DOI： 10.19358/j.issn.2096-5133.2021.03.004
引用格式： 趙粵征，葉建偉，贠珊，等. 基于SOAR的安全運營自動化關(guān)鍵技術(shù)構(gòu)建及未來演進方向[J].信息技術(shù)與網(wǎng)絡(luò)安全，2021，40(3)：19-27.

Key technology construction and future evolution direction of security operation automation based on SOAR

Abstract： Aiming at the existing security visual orchestration and automatic response technology, the paper proposes to integrate the complex security capabilities such as APT threat scenario, vulnerability, automatic response verification, and key infrastructure compliance management into the visual orchestration and automation response of the existing SOAR(Security Orchestration Automation Response), which complements and greatly enricates the conceptual scene of the SOAR proposed by Gartner，which significantly improves the effectiveness and maturity of security operations. Through DevSecOps open architecture and OpenC2 open management and control interface, it can adaptively support data access and security response control of different devices, and build a secure operation ecosystem around SOAR. On this basis, the future evolution direction of security operation automation is proposed, that is, to build a unified space cooperative combat system with multi-person collaboration, and quickly complete the information cycle and information reuse of "Policy, Protection, Detection and Response" by defining and improving the security analysis and response model with multi-person collaboration.

Key words : security operation automation；SOAR；DevSecOps open architecture；OpenC2 interface；secure operation ecosystem；unified space cooperative combat system