Overview of the Fundamental Model of Security Orchestration, Automation, and Response in the Context of Cybersecurity of Virtual Networks

2025, pp. 160–175
1 Lviv Polytechnic National University, Department of Information Protection
2 Lviv Polytechnic National University, Information Security Department

The aim of this study is a comprehensive analysis of the fundamental SOAR (Security Orchestration, Automation, and Response) model in the context of cybersecurity for virtual networks. The paper presents a synthesis of the core concepts of orchestration, automation, and response, which are critical elements of modern approaches to risk management and information system protection. Particular attention is paid to the integration of SOAR with existing cybersecurity technologies such as SIEM, EDR, and XDR, enabling the creation of a unified security ecosystem that ensures rapid threat detection, classification, and response.
The study examines the classification of threats inherent to decentralized and multi-cloud environments, including protocol-level attacks, data breaches, and insider threats, while emphasizing specific challenges such as network configuration dynamics and the scalability of security solutions. A comparative analysis of SOAR’s compliance with international cybersecurity standards (NIST, ISO 27001) demonstrates its ability to harmonize approaches and automate compliance procedures with regulatory requirements.
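The orchestration, automation, and response loop described above, and the threat taxonomy of the following paragraph (protocol-level attacks, data breaches, insider threats), can be made concrete with a small playbook. The code below is an added illustration, not code from the paper: it normalizes constructed alerts from hypothetical SIEM, EDR and XDR feeds into one schema, suppresses repeated alerts to reduce noise, correlates alerts per asset so multi-vector activity becomes a single incident, and selects a response action by category and severity. The rule names, category mapping, severity thresholds and action names are all assumptions chosen for the example.

```python
"""Minimal SOAR-style playbook over constructed alerts (added example, not the paper's code).
Pipeline: normalize -> deduplicate -> correlate -> respond."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample alerts from three hypothetical feeds (not real telemetry).
SAMPLE_ALERTS = [
    {"source": "siem", "rule": "ssh_bruteforce", "host": "web-01", "user": "svc-deploy", "severity": 5, "ts": 100},
    {"source": "siem", "rule": "ssh_bruteforce", "host": "web-01", "user": "svc-deploy", "severity": 5, "ts": 101},
    {"source": "edr", "rule": "credential_dump", "host": "web-01", "user": "svc-deploy", "severity": 8, "ts": 130},
    {"source": "xdr", "rule": "bulk_egress", "host": "db-02", "user": "analyst7", "severity": 7, "ts": 400},
    {"source": "siem", "rule": "port_scan", "host": "lb-01", "user": "-", "severity": 2, "ts": 900},
]

# Threat taxonomy following the abstract's categories; the rule-to-category mapping is assumed.
CATEGORY_BY_RULE = {
    "ssh_bruteforce": "protocol_attack",
    "port_scan": "protocol_attack",
    "credential_dump": "insider_threat",
    "bulk_egress": "data_breach",
}

# Response catalogue: (minimum severity, action), checked in order. Actions are illustrative.
RESPONSE_BY_CATEGORY = {
    "protocol_attack": [(4, "block_source_ip"), (0, "log_only")],
    "insider_threat": [(6, "disable_account"), (0, "notify_analyst")],
    "data_breach": [(6, "isolate_host"), (0, "notify_analyst")],
}


@dataclass
class Incident:
    host: str
    user: str
    category: str
    max_severity: int
    alerts: list = field(default_factory=list)
    actions: list = field(default_factory=list)


def normalize(alert):
    """Orchestration step: map a vendor-specific alert onto one common schema."""
    return {
        "source": alert["source"],
        "rule": alert["rule"],
        "host": alert["host"],
        "user": alert.get("user", "-"),
        "severity": int(alert["severity"]),
        "ts": alert["ts"],
        "category": CATEGORY_BY_RULE.get(alert["rule"], "unclassified"),
    }


def deduplicate(alerts, window=60):
    """Noise reduction: drop repeats of the same rule on the same host within `window` seconds."""
    last_seen, kept = {}, []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key = (a["rule"], a["host"])
        if key in last_seen and a["ts"] - last_seen[key] < window:
            continue
        last_seen[key] = a["ts"]
        kept.append(a)
    return kept


def correlate(alerts):
    """Group alerts by (host, user); the incident inherits the highest-severity alert's category."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["host"], a["user"])].append(a)
    incidents = []
    for (host, user), group in groups.items():
        top = max(group, key=lambda x: x["severity"])
        incidents.append(Incident(host, user, top["category"], top["severity"], group))
    return incidents


def choose_actions(incident):
    """Response step: first action whose threshold is met; multi-category incidents are escalated."""
    thresholds = RESPONSE_BY_CATEGORY.get(incident.category, [(0, "notify_analyst")])
    for min_sev, action in thresholds:
        if incident.max_severity >= min_sev:
            incident.actions.append(action)
            break
    if len({a["category"] for a in incident.alerts}) > 1:
        incident.actions.append("escalate_multi_vector")
    return incident.actions


def run_playbook(raw_alerts):
    """Full pipeline; returns one Incident per correlated asset/user pair."""
    incidents = correlate(deduplicate([normalize(a) for a in raw_alerts]))
    for inc in incidents:
        choose_actions(inc)
    return incidents


if __name__ == "__main__":
    for inc in run_playbook(SAMPLE_ALERTS):
        print(inc.host, inc.user, inc.category, inc.max_severity, inc.actions)
```

On the constructed input the duplicate brute-force alert is suppressed, the brute-force and credential-dump alerts on web-01 collapse into one insider-threat incident that is additionally flagged as multi-vector, the bulk-egress alert on db-02 triggers host isolation, and the low-severity port scan is only logged. In a real deployment each action name would be bound to a connector into the corresponding SIEM, EDR or XDR platform, which is the orchestration layer the abstract refers to.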
The research also covers prospective directions for SOAR development, including the implementation of artificial intelligence and self-learning algorithms for adaptive threat management, the use of digital twins to simulate security scenarios, and adaptation to the challenges of quantum computing. Additionally, the role of big data in enhancing SOAR functionality is highlighted, particularly in reducing false positives and identifying multi-vector attacks.
The results of this study are applied in nature and aim to improve cybersecurity tools so that virtualized environments receive comprehensive protection. It is concluded that the SOAR model is a key component in forming strategic approaches to the protection of information assets in the context of evolving cyber threats.
