Cybersecurity operations mitigation management
Assignee
Arctic Wolf Networks, Inc.
Inventors
Joshua McCarthy, David B. McKinley, Lance Rund
Abstract
Disclosed embodiments provide techniques for cybersecurity operations mitigation management. A plurality of network-connected cybersecurity threat protection applications is accessed. A plurality of inputs from the cybersecurity threat protection applications is received in response to one or more cybersecurity events. A cybersecurity mitigation is initiated, triggered by an analysis of the one or more security events. The mitigation is performed by at least one of the threat protection applications. The analysis is performed on a network-connected computer platform. The network-connected computer platform comprises a security automation and response system (SOAR) that enables the analysis, managing, and validating of the cybersecurity event mitigation. The mitigating and validating are based on a library of cybersecurity mitigation success metrics, including validators, success criteria, and time factors. The cybersecurity mitigation success metric library is maintained and updated based on a machine learning model.
Filing Date
2024-03-11
Application No.
18601572
Claims
20