Security orchestration is a term applied to technologies that connect other security tools to sources of information, organizational processes, and the people who use them. For example, an orchestration tool that supports a wide variety of file formats makes it easier to leverage sources of security data throughout an organization. With plugins for threat intelligence services, analysts can also retrieve relevant data when they need it most, such as during incident investigations.
While the phrases “security automation” and “security orchestration” are sometimes used interchangeably, they don’t mean exactly the same thing. Automation can be seen as a subset of orchestration, since automation streamlines processes to make use of available information without human intervention. At times, the information and automation components of orchestration are closely linked, as in the case of software that automatically retrieves threat intelligence without an analyst requesting it.