Work item:
|
X.soar-cc
|
Subject/title:
|
Framework of security orchestration, automation and response for cloud computing
|
Status:
|
Under study [Issued from previous study period]
|
Approval process:
|
TAP
|
Type of work item:
|
Recommendation
|
Version:
|
New
|
Equivalent number:
|
-
|
Timing:
|
2025-12 (Medium priority)
|
Liaison:
|
-
|
Supporting members:
|
-
|
Summary:
|
With the evolution of network security strategy, the security architecture for CSPs and CSCs has changed from a simple combination of prevention and recovery to a new stage that integrates detection, prevention, and response.
As the technology ecosystem has matured, leading enterprises and organizations have paid more attention to SOAR. SOAR is regarded as the key technology for improving network elasticity and the efficiency of security operations for cloud computing, as detailed below:
With the help of artificial intelligence (AI), it is possible to build a security operation functionality in the cloud that includes threat analysis and automatic response, which could greatly improve the efficiency of security operations.
In cloud computing, SOAR naturally has a cost advantage.
Due to the development of cloud native technology, there are new ways to implement incident response in cloud computing.
This Recommendation provides an overview of SOAR for cloud computing, including the definition and the emerging background of SOAR. It analyses the advantages of SOAR in coping with the security threats of cloud computing, especially in incident response. It also provides a framework of SOAR for cloud computing to improve the efficiency of security operations for both CSPs and CSCs.
|
Comment:
|
-
|
Reference(s):
|
|
|
Historic references:
|
Contact(s):
|
|
ITU-T A.5 justification(s):
|
|
|
|
First registration in the WP:
2022-06-03 17:31:08
|
Last update:
2025-03-24 13:03:42
|