中图分类号： TP309
文献标识码： A
DOI： 10.19358/j.issn.2096-5133.2021.03.004
引用格式： 赵粤征，叶建伟，贠珊，等. 基于SOAR的安全运营自动化关键技术构建及未来演进方向[J].信息技术与网络安全，2021，40(3)：19-27.

Key technology construction and future evolution direction of security operation automation based on SOAR

Abstract： Aiming at the existing security visual orchestration and automatic response technology, the paper proposes to integrate the complex security capabilities such as APT threat scenario, vulnerability, automatic response verification, and key infrastructure compliance management into the visual orchestration and automation response of the existing SOAR(Security Orchestration Automation Response), which complements and greatly enricates the conceptual scene of the SOAR proposed by Gartner，which significantly improves the effectiveness and maturity of security operations. Through DevSecOps open architecture and OpenC2 open management and control interface, it can adaptively support data access and security response control of different devices, and build a secure operation ecosystem around SOAR. On this basis, the future evolution direction of security operation automation is proposed, that is, to build a unified space cooperative combat system with multi-person collaboration, and quickly complete the information cycle and information reuse of "Policy, Protection, Detection and Response" by defining and improving the security analysis and response model with multi-person collaboration.

Key words : security operation automation；SOAR；DevSecOps open architecture；OpenC2 interface；secure operation ecosystem；unified space cooperative combat system