{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T16:51:44Z","timestamp":1773075104355,"version":"3.50.1"},"reference-count":123,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2019,4,30]],"date-time":"2019-04-30T00:00:00Z","timestamp":1556582400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2020,3,31]]},"abstract":"<jats:p>Organizations use diverse types of security solutions to prevent cyber-attacks. Multiple vendors provide security solutions developed using heterogeneous technologies and paradigms. Hence, it is a challenging rather impossible to easily make security solutions to work an integrated fashion. Security orchestration aims at smoothly integrating multivendor security tools that can effectively and efficiently interoperate to support security staff of a Security Operation Centre (SOC). Given the increasing role and importance of security orchestration, there has been an increasing amount of literature on different aspects of security orchestration solutions. However, there has been no effort to systematically review and analyze the reported solutions. We report a Multivocal Literature Review that has systematically selected and reviewed both academic and grey (blogs, web pages, white papers) literature on different aspects of security orchestration published from January 2007 until July 2017. The review has enabled us to provide a working definition of security orchestration and classify the main functionalities of security orchestration into three main areas\u2014unification, orchestration, and automation. We have also identified the core components of a security orchestration platform and categorized the drivers of security orchestration based on technical and socio-technical aspects. We also provide a taxonomy of security orchestration based on the execution environment, automation strategy, deployment type, mode of task and resource type. This review has helped us to reveal several areas of further research and development in security orchestration.<\/jats:p>","DOI":"10.1145\/3305268","type":"journal-article","created":{"date-parts":[[2019,5,1]],"date-time":"2019-05-01T12:20:39Z","timestamp":1556713239000},"page":"1-45","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":73,"title":["A Multi-Vocal Review of Security Orchestration"],"prefix":"10.1145","volume":"52","author":[{"given":"Chadni","family":"Islam","sequence":"first","affiliation":[{"name":"University of Adelaide, CREST - The Centre for Research on Engineering Software Technologies, and Data61, CSIRO, Australia"}]},{"given":"Muhammad Ali","family":"Babar","sequence":"additional","affiliation":[{"name":"University of Adelaide and CREST - The Centre for Research on Engineering Software Technologies, Australia"}]},{"given":"Surya","family":"Nepal","sequence":"additional","affiliation":[{"name":"Data61, CSIRO, Australia"}]}],"member":"320","published-online":{"date-parts":[[2019,4,30]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2016.02.005"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2013.12.004"},{"key":"e_1_2_1_3_1","volume-title":"Verizon 2017 Data Breach Investigations Report. Retrieved","year":"2017","unstructured":"2017. Verizon 2017 Data Breach Investigations Report. Retrieved December 5, 2017 from http:\/\/www.verizonenterprise.com\/verizon-insights-lab\/dbir\/2017\/. 2017. Verizon 2017 Data Breach Investigations Report. Retrieved December 5, 2017 from http:\/\/www.verizonenterprise.com\/verizon-insights-lab\/dbir\/2017\/."},{"key":"e_1_2_1_4_1","volume-title":"2017 Cost of Data Breach Study: Global Overview. Retrieved","author":"IBM.","year":"2017","unstructured":"IBM. 2017 Cost of Data Breach Study: Global Overview. Retrieved December 1, 2017 from https:\/\/www.ibm.com\/security\/data-breach. IBM. 2017 Cost of Data Breach Study: Global Overview. Retrieved December 1, 2017 from https:\/\/www.ibm.com\/security\/data-breach."},{"key":"e_1_2_1_5_1","unstructured":"Equifax. 2017. Retrieved November 10 2017 from https:\/\/www.equifax.com\/personal\/. Equifax. 2017. Retrieved November 10 2017 from https:\/\/www.equifax.com\/personal\/."},{"key":"e_1_2_1_6_1","volume-title":"Equifax: The Company That Screwed Consumers the Most in 2017. Retrieved","author":"Ethan W. M.","year":"2017","unstructured":"W. M. Ethan . 2017 . Equifax: The Company That Screwed Consumers the Most in 2017. Retrieved January 5, 2017 from https:\/\/finance.yahoo.com\/news\/equifax-company-screwed-consumers-2017-163011368.html. W. M. Ethan. 2017. Equifax: The Company That Screwed Consumers the Most in 2017. Retrieved January 5, 2017 from https:\/\/finance.yahoo.com\/news\/equifax-company-screwed-consumers-2017-163011368.html."},{"key":"e_1_2_1_7_1","volume-title":"Equifax Data Breach Impacts 143 Million Americans. Retrieved","author":"Lee M.","year":"2017","unstructured":"M. Lee . 2017. Equifax Data Breach Impacts 143 Million Americans. Retrieved December 5, 2017 from https:\/\/www.forbes.com\/sites\/leemathews\/2017\/09\/07\/equifax-data-breach-impacts-143-million-americans\/#1abcaed0356f. M. Lee. 2017. Equifax Data Breach Impacts 143 Million Americans. Retrieved December 5, 2017 from https:\/\/www.forbes.com\/sites\/leemathews\/2017\/09\/07\/equifax-data-breach-impacts-143-million-americans\/#1abcaed0356f."},{"key":"e_1_2_1_8_1","volume-title":"Retrieved","author":"Todd H.","year":"2017","unstructured":"H. Todd . 2017 . Credit Reporting Firm Equifax says Data Breach could Potentially Affect 143 Million US Consumers . Retrieved October 30, 2017 from https:\/\/www.cnbc.com\/2017\/09\/07\/credit-reporting-firm-equifax-says-cybersecurity-incident-could-potentially-affect-143-million-us-consumers.html. H. Todd. 2017. Credit Reporting Firm Equifax says Data Breach could Potentially Affect 143 Million US Consumers. Retrieved October 30, 2017 from https:\/\/www.cnbc.com\/2017\/09\/07\/credit-reporting-firm-equifax-says-cybersecurity-incident-could-potentially-affect-143-million-us-consumers.html."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2015.11.016"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.10.016"},{"key":"e_1_2_1_11_1","unstructured":"Komand. Retrieved September 23 2017 from https:\/\/www.komand.com\/. Komand. Retrieved September 23 2017 from https:\/\/www.komand.com\/."},{"key":"e_1_2_1_12_1","volume-title":"Retrieved","author":"Security Intel","year":"2017","unstructured":"Intel Security . Automating the Threat Defence Lifecycle . Retrieved October 20, 2017 from https:\/\/www.mcafee.com\/au\/solutions\/orchestration.aspx. Intel Security. Automating the Threat Defence Lifecycle. Retrieved October 20, 2017 from https:\/\/www.mcafee.com\/au\/solutions\/orchestration.aspx."},{"key":"e_1_2_1_13_1","unstructured":"HEXADITE. Retrieved August 07 2017 from https:\/\/www.hexadite.com\/. HEXADITE. Retrieved August 07 2017 from https:\/\/www.hexadite.com\/."},{"key":"e_1_2_1_14_1","volume-title":"Retrieved","author":"Schneier B.","year":"2017","unstructured":"B. Schneier . 2017 . Security Orchestration for an Uncertain World . Retrieved April 30, 2017 from https:\/\/securityintelligence.com\/security-orchestration-for-an-uncertain-world\/. B. Schneier. 2017. Security Orchestration for an Uncertain World. Retrieved April 30, 2017 from https:\/\/securityintelligence.com\/security-orchestration-for-an-uncertain-world\/."},{"key":"e_1_2_1_15_1","volume-title":"Open Security Controller: Security Orchestration for OpenStack. Retrieved","author":"Dave M.","year":"2017","unstructured":"M. Dave and V. Viswanathan . 2017 . Open Security Controller: Security Orchestration for OpenStack. Retrieved November 20, 2017 from https:\/\/www.rsaconference.com\/events\/us17\/agenda\/sessions\/6582-open-security-controller-security-orchestration-for. M. Dave and V. Viswanathan. 2017. Open Security Controller: Security Orchestration for OpenStack. Retrieved November 20, 2017 from https:\/\/www.rsaconference.com\/events\/us17\/agenda\/sessions\/6582-open-security-controller-security-orchestration-for."},{"key":"e_1_2_1_16_1","volume-title":"Enterprise Level Security Orchestration","author":"Digiambattista E.","unstructured":"E. Digiambattista . 2017. Enterprise Level Security Orchestration . Cybric Inc., Boston, MA. E. Digiambattista. 2017. Enterprise Level Security Orchestration. Cybric Inc., Boston, MA."},{"key":"e_1_2_1_17_1","unstructured":"H. Nadkarni. 2017. Security Orchestration Framework. McAfee LLC. US. Patent No. H. Nadkarni. 2017. Security Orchestration Framework. McAfee LLC. US. Patent No."},{"key":"e_1_2_1_18_1","volume-title":"Retrieved","author":"Rochford O.","year":"2017","unstructured":"O. Rochford . 2017 . When Is Security Automation and Orchestration a Must-Have Technology? Addressing Gartner's SOAR Question . Retrieved October 29, 2017 from https:\/\/www.dflabs.com\/blog\/when-is-security-automation-and-orchestration-a-must-have-technology-addressing-gartner-soar-question\/. O. Rochford. 2017. When Is Security Automation and Orchestration a Must-Have Technology? Addressing Gartner's SOAR Question. Retrieved October 29, 2017 from https:\/\/www.dflabs.com\/blog\/when-is-security-automation-and-orchestration-a-must-have-technology-addressing-gartner-soar-question\/."},{"key":"e_1_2_1_19_1","volume-title":"Retrieved","author":"SWIMLANE.","year":"2017","unstructured":"SWIMLANE. Security Automation and Orchestration (SAO) Capabilities . Retrieved October 20, 2017 from https:\/\/swimlane.com\/ebook-sao-capabilities\/. SWIMLANE. Security Automation and Orchestration (SAO) Capabilities. Retrieved October 20, 2017 from https:\/\/swimlane.com\/ebook-sao-capabilities\/."},{"key":"e_1_2_1_20_1","volume-title":"Retrieved","author":"Spanbauer M.","year":"2015","unstructured":"M. Spanbauer . 2015 . Security Orchestration -- Integration, Process, and Wise Investments Driven by a Security Conductor . Retrieved October 21, 2017 from https:\/\/www.nsslabs.com\/blog\/analyst-insights\/security-orchestration-integration-process-and-wise-investments-driven-by-a-security-conductor\/. M. Spanbauer. 2015. Security Orchestration -- Integration, Process, and Wise Investments Driven by a Security Conductor. Retrieved October 21, 2017 from https:\/\/www.nsslabs.com\/blog\/analyst-insights\/security-orchestration-integration-process-and-wise-investments-driven-by-a-security-conductor\/."},{"key":"e_1_2_1_21_1","volume-title":"Top 5 best Practices to Automate Security Operations. Retrieved","author":"Trull J.","year":"2017","unstructured":"J. Trull . 2017. Top 5 best Practices to Automate Security Operations. Retrieved September 5, 2017 from https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2017\/08\/03\/top-5-best-practices-to-automate-security-operations\/. J. Trull. 2017. Top 5 best Practices to Automate Security Operations. Retrieved September 5, 2017 from https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2017\/08\/03\/top-5-best-practices-to-automate-security-operations\/."},{"key":"e_1_2_1_22_1","unstructured":"I. Resilient. Retrieved October 28 2017 from https:\/\/www.resilientsystems.com\/. I. Resilient. Retrieved October 28 2017 from https:\/\/www.resilientsystems.com\/."},{"key":"e_1_2_1_23_1","volume-title":"Retrieved","author":"TDG.","year":"2017","unstructured":"TDG. 2017 . Security Orchestration Fine-Tunes the Incident Response Process . Retrieved October 25, 2017 from https:\/\/www.turremgroup.com\/security-orchestration-fine-tunes-the-incident-response-process\/. TDG. 2017. Security Orchestration Fine-Tunes the Incident Response Process. Retrieved October 25, 2017 from https:\/\/www.turremgroup.com\/security-orchestration-fine-tunes-the-incident-response-process\/."},{"key":"e_1_2_1_24_1","volume-title":"Verizon 2016 Data Breach Investigations Report. Retrieved","year":"2017","unstructured":"2016. Verizon 2016 Data Breach Investigations Report. Retrieved September 2, 2017 from http:\/\/www.verizonenterprise.com\/verizon-insights-lab\/dbir\/. 2016. Verizon 2016 Data Breach Investigations Report. Retrieved September 2, 2017 from http:\/\/www.verizonenterprise.com\/verizon-insights-lab\/dbir\/."},{"key":"e_1_2_1_25_1","volume-title":"Retrieved","year":"2017","unstructured":"BakerHosteller. 2017 . Be Compromise Ready: Go Back to the Basics\u20142017 Data Security Incident Response Report . Retrieved August 20, 2017 from https:\/\/www.bakerlaw.com\/events\/webinar-be-compromise-ready-go-back-to-the-basics. BakerHosteller. 2017. Be Compromise Ready: Go Back to the Basics\u20142017 Data Security Incident Response Report. Retrieved August 20, 2017 from https:\/\/www.bakerlaw.com\/events\/webinar-be-compromise-ready-go-back-to-the-basics."},{"key":"e_1_2_1_26_1","volume-title":"Retrieved","year":"2017","unstructured":"l. Dave. 2017 . Food Chain Wendy's Hit by Massive Hack . Retrieved September 20, 2017 from http:\/\/www.bbc.com\/news\/technology-36742599. l. Dave. 2017. Food Chain Wendy's Hit by Massive Hack. Retrieved September 20, 2017 from http:\/\/www.bbc.com\/news\/technology-36742599."},{"key":"e_1_2_1_27_1","volume-title":"Retrieved","year":"2016","unstructured":"KrebsonSecurity. 2016 . Wendy's Breach . Retrieved November 20, 2017 from https:\/\/krebsonsecurity.com\/tag\/wendys-breach\/. KrebsonSecurity. 2016. Wendy's Breach. Retrieved November 20, 2017 from https:\/\/krebsonsecurity.com\/tag\/wendys-breach\/."},{"key":"e_1_2_1_28_1","unstructured":"O. Rochford and P. E. Proctor. 2015. Innovation Tech Insight for Security Operations Analytics and Reporting. Gartner. O. Rochford and P. E. Proctor. 2015. Innovation Tech Insight for Security Operations Analytics and Reporting. Gartner."},{"key":"e_1_2_1_29_1","volume-title":"Retrieved","author":"Security I.","year":"2017","unstructured":"I. Security . Open Security Controller: A security Orchestration Platform for the Software-defined Datacentre . Retrieved October 23, 2017 from https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/datasheets\/open-security-controller-datasheet.pdf. I. Security. Open Security Controller: A security Orchestration Platform for the Software-defined Datacentre. Retrieved October 23, 2017 from https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/datasheets\/open-security-controller-datasheet.pdf."},{"key":"e_1_2_1_30_1","doi-asserted-by":"crossref","DOI":"10.53829\/ntr201512fa4","article-title":"Security orchestration with a global threat intelligence platform","volume":"13","author":"Koyama T.","year":"2015","unstructured":"T. Koyama , B. Hu , Y. Nagafuchi , E. Shioji , and K. Takahashi . 2015 . Security orchestration with a global threat intelligence platform . NTT Techn. Rev. 13 , 12 (2015). T. Koyama, B. Hu, Y. Nagafuchi, E. Shioji, and K. Takahashi. 2015. Security orchestration with a global threat intelligence platform. NTT Techn. Rev. 13, 12 (2015).","journal-title":"NTT Techn. Rev."},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the 2016 IEEE International Conference on Communications Workshops (ICC'16)","author":"Luo S.","unstructured":"S. Luo and M. B. Salem . 2016. Orchestration of software-defined security services . In Proceedings of the 2016 IEEE International Conference on Communications Workshops (ICC'16) . 436--441. S. Luo and M. B. Salem. 2016. Orchestration of software-defined security services. In Proceedings of the 2016 IEEE International Conference on Communications Workshops (ICC'16). 436--441."},{"key":"e_1_2_1_32_1","unstructured":"R. Poornachandran S. Shahidzadeh S. Das V. J. Zimmer S. Vashisth and P. Sharma. 2016. Premises-aware Security and Policy Orchestration. McAfee LLC. R. Poornachandran S. Shahidzadeh S. Das V. J. Zimmer S. Vashisth and P. Sharma. 2016. Premises-aware Security and Policy Orchestration. McAfee LLC."},{"key":"e_1_2_1_33_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201917)","author":"Yu T.","unstructured":"T. Yu , S. K. Fayaz , M. Collins , V. Sekar , and S. Seshan . 2017. PSI: Precise security instrumentation for enterprise networks . In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201917) . T. Yu, S. K. Fayaz, M. Collins, V. Sekar, and S. Seshan. 2017. PSI: Precise security instrumentation for enterprise networks. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201917)."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2915970.2916008"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2012.12.052"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2008.09.009"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.01.001"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2016.04.015"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2014.03.071"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2016.06.007"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2013.162"},{"key":"e_1_2_1_43_1","volume-title":"Proceedings of the 7th International Conference on Ambient Systems, Networks and Technologies. 139--146","author":"Kenaza T.","unstructured":"T. Kenaza and M. Aiash . 2016. Toward an efficient ontology-based event correlation in SIEM . In Proceedings of the 7th International Conference on Ambient Systems, Networks and Technologies. 139--146 . T. Kenaza and M. Aiash. 2016. Toward an efficient ontology-based event correlation in SIEM. In Proceedings of the 7th International Conference on Ambient Systems, Networks and Technologies. 139--146."},{"key":"e_1_2_1_44_1","volume-title":"Proceedings of the IEEE International Conference on Fuzzy Systems. 1--8.","author":"Elshoush H. T.","unstructured":"H. T. Elshoush and I. M. Osman . 2010. Reducing false positives through fuzzy alert correlation in collaborative intelligent intrusion detection systems\u2014A review . In Proceedings of the IEEE International Conference on Fuzzy Systems. 1--8. H. T. Elshoush and I. M. Osman. 2010. Reducing false positives through fuzzy alert correlation in collaborative intelligent intrusion detection systems\u2014A review. In Proceedings of the IEEE International Conference on Fuzzy Systems. 1--8."},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2007.128"},{"key":"e_1_2_1_46_1","volume-title":"Proceedings of the 33rd IEEE Conference on Local Computer Networks (LCN\u201908)","author":"Saad R.","unstructured":"R. Saad , F. Nait-Abdesselam , and A. Serhrouchni . 2008. A collaborative peer-to-peer architecture to defend against DDoS attacks . In Proceedings of the 33rd IEEE Conference on Local Computer Networks (LCN\u201908) . 427--434. R. Saad, F. Nait-Abdesselam, and A. Serhrouchni. 2008. A collaborative peer-to-peer architecture to defend against DDoS attacks. In Proceedings of the 33rd IEEE Conference on Local Computer Networks (LCN\u201908). 427--434."},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978315"},{"key":"e_1_2_1_48_1","volume-title":"Proceedings of the 7th International Conference on Network and Services Management. 248--253","author":"Fung C.","unstructured":"C. Fung , Q. Zhu , R. Boutaba , and T. Basar . 2011. SMURFEN: A system framework for rule sharing collaborative intrusion detection . In Proceedings of the 7th International Conference on Network and Services Management. 248--253 . C. Fung, Q. Zhu, R. Boutaba, and T. Basar. 2011. SMURFEN: A system framework for rule sharing collaborative intrusion detection. In Proceedings of the 7th International Conference on Network and Services Management. 248--253."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2012.04.018"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2683467.2683474"},{"key":"e_1_2_1_51_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.53829\/ntr201407fa3","article-title":"Resilient security technology for rapid recovery from cyber attacks","volume":"12","author":"Koyama T.","year":"2014","unstructured":"T. Koyama , K. Hato , H. Kitazume , and M. Nagafuchi . 2014 . Resilient security technology for rapid recovery from cyber attacks . NTT Techn. Rev. 12 , 2 (2014), 1 -- 4 . T. Koyama, K. Hato, H. Kitazume, and M. Nagafuchi. 2014. Resilient security technology for rapid recovery from cyber attacks. NTT Techn. Rev. 12, 2 (2014), 1--4.","journal-title":"NTT Techn. Rev."},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.514"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2994539.2994546"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2876019.2876023"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2671491.2671493"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/1854099.1854125"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029811"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2014.06.022"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2014.252"},{"key":"e_1_2_1_60_1","volume-title":"Proceedings of the 2009 IEEE International Conference on Communications. 1--6.","author":"Alsubhi K.","unstructured":"K. Alsubhi , I. Aib , J. Francois , and R. Boutaba . 2009. Policy-based security configuration management, application to intrusion detection and prevention . In Proceedings of the 2009 IEEE International Conference on Communications. 1--6. K. Alsubhi, I. Aib, J. Francois, and R. Boutaba. 2009. Policy-based security configuration management, application to intrusion detection and prevention. In Proceedings of the 2009 IEEE International Conference on Communications. 1--6."},{"key":"e_1_2_1_61_1","volume-title":"Proceedings of the 2012 IEEE Conference on Technologies for Homeland Security (HST\u201912)","author":"Zhao W.","unstructured":"W. Zhao and G. White . 2012. A collaborative information sharing framework for Community Cyber Security . In Proceedings of the 2012 IEEE Conference on Technologies for Homeland Security (HST\u201912) . 457--462. W. Zhao and G. White. 2012. A collaborative information sharing framework for Community Cyber Security. In Proceedings of the 2012 IEEE Conference on Technologies for Homeland Security (HST\u201912). 457--462."},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICIS.2008.50"},{"key":"e_1_2_1_63_1","volume-title":"Proceedings of the 2013 International Conference on Risks and Security of Internet and Systems (CRiSIS\u201913)","author":"Sadighian A.","unstructured":"A. Sadighian , S. T. Zargar , J. M. Fernandez , and A. Lemay . 2013. Semantic-based context-aware alert fusion for distributed intrusion detection systems . In Proceedings of the 2013 International Conference on Risks and Security of Internet and Systems (CRiSIS\u201913) . La Rochelle, France, 1--6. A. Sadighian, S. T. Zargar, J. M. Fernandez, and A. Lemay. 2013. Semantic-based context-aware alert fusion for distributed intrusion detection systems. In Proceedings of the 2013 International Conference on Risks and Security of Internet and Systems (CRiSIS\u201913). La Rochelle, France, 1--6."},{"key":"e_1_2_1_64_1","volume-title":"Proceedings of the 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC\u201916)","author":"Modi A.","unstructured":"A. Modi , Z. Sun , A. Panwar , T. Khairnar , Z. Zhao , A. Doupe , G.-J. Ahn , and P. Black . 2016. Towards automated threat intelligence fusion . In Proceedings of the 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC\u201916) . 408--416. A. Modi, Z. Sun, A. Panwar, T. Khairnar, Z. Zhao, A. Doupe, G.-J. Ahn, and P. Black. 2016. Towards automated threat intelligence fusion. In Proceedings of the 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC\u201916). 408--416."},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/CMC.2011.94"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2012.04.001"},{"key":"e_1_2_1_67_1","volume-title":"Proceedings of the 2014 IEEE Conference on Computer Communications Workshop. 506--511","author":"Bou-Harb E.","unstructured":"E. Bou-Harb , M. Debbabi , and C. Assi . 2014. Behavioral analytics for inferring large-scale orchestrated probing events . In Proceedings of the 2014 IEEE Conference on Computer Communications Workshop. 506--511 E. Bou-Harb, M. Debbabi, and C. Assi. 2014. Behavioral analytics for inferring large-scale orchestrated probing events. In Proceedings of the 2014 IEEE Conference on Computer Communications Workshop. 506--511"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2009.03.002"},{"key":"e_1_2_1_69_1","first-page":"3","article-title":"A semantic approach to secure collaborative inter-organizational eBusiness proceses (SSCIOBP)","volume":"9","author":"D'Aubeterre F.","year":"2008","unstructured":"F. D'Aubeterre , R. Singh , and L. Iyer . 2008 . A semantic approach to secure collaborative inter-organizational eBusiness proceses (SSCIOBP) . J. Assoc. Inf. Syst. 9 , 3 - 4 (2008), 231--266. F. D'Aubeterre, R. Singh, and L. Iyer. 2008. A semantic approach to secure collaborative inter-organizational eBusiness proceses (SSCIOBP). J. Assoc. Inf. Syst. 9, 3-4 (2008), 231--266.","journal-title":"J. Assoc. Inf. Syst."},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2013.05.007"},{"key":"e_1_2_1_71_1","doi-asserted-by":"crossref","unstructured":"E. Al-Shaer X. Ou and G. Xie. 2013. Automated Security Management. Springer International Publishing. E. Al-Shaer X. Ou and G. Xie. 2013. Automated Security Management. Springer International Publishing.","DOI":"10.1007\/978-3-319-01433-3"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1002\/sys.21206"},{"key":"e_1_2_1_73_1","doi-asserted-by":"crossref","DOI":"10.53829\/ntr201210fa4","article-title":"Tighter security operations to help provide brands that are safer and more secure","volume":"10","author":"Tanemo F.","year":"2012","unstructured":"F. Tanemo , I. Hayashi , M. Tanikawa , and T. Abe . 2012 . Tighter security operations to help provide brands that are safer and more secure . NTT Techn. Rev. 10 , 10 (2012). F. Tanemo, I. Hayashi, M. Tanikawa, and T. Abe. 2012. Tighter security operations to help provide brands that are safer and more secure. NTT Techn. Rev. 10, 10 (2012).","journal-title":"NTT Techn. Rev."},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1002\/dac.2323"},{"key":"e_1_2_1_75_1","first-page":"52","article-title":"Practice within fujitsu of security operations center: Operation and security dashboard. Fujitsu Sci","volume":"52","author":"Sadamatsu T.","year":"2016","unstructured":"T. Sadamatsu , Y. Yoneyama , and K. Yajima . 2016 . Practice within fujitsu of security operations center: Operation and security dashboard. Fujitsu Sci . Techn. J. 52 , 3 (2016), 52 -- 58 . T. Sadamatsu, Y. Yoneyama, and K. Yajima. 2016. Practice within fujitsu of security operations center: Operation and security dashboard. Fujitsu Sci. Techn. J. 52, 3 (2016), 52--58.","journal-title":"Techn. J."},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/IMF.2013.21"},{"key":"e_1_2_1_77_1","doi-asserted-by":"crossref","unstructured":"T. Ntouskas G. Pentafronimos and S. Papastergiou. 2011. STORM\u2014Collaborative security management environment. In Lecture Notes in Computer Science. 320--335. T. Ntouskas G. Pentafronimos and S. Papastergiou. 2011. STORM\u2014Collaborative security management environment. In Lecture Notes in Computer Science. 320--335.","DOI":"10.1007\/978-3-642-21040-2_23"},{"key":"e_1_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1109\/NCM.2008.126"},{"key":"e_1_2_1_79_1","volume-title":"Retrieved","year":"2017","unstructured":"McAfee. MacAfee Orchestration Platform . Retrieved October 10, 2017 from https:\/\/www.mcafee.com\/au\/solutions\/orchestration.aspx. McAfee. MacAfee Orchestration Platform. Retrieved October 10, 2017 from https:\/\/www.mcafee.com\/au\/solutions\/orchestration.aspx."},{"key":"e_1_2_1_80_1","volume-title":"Retrieved","author":"Orchestrator Security","year":"2017","unstructured":"FireEye. Security Orchestrator : Simplify threat response through integration and automation . Retrieved October 31, 2017 from https:\/\/www.fireeye.com\/solutions\/security-orchestrator.html. FireEye. Security Orchestrator: Simplify threat response through integration and automation. Retrieved October 31, 2017 from https:\/\/www.fireeye.com\/solutions\/security-orchestrator.html."},{"key":"e_1_2_1_81_1","volume-title":"Retrieved","year":"2017","unstructured":"Demisto. 2017 . Security Orchestration and Automation . Retrieved October 11, 2017 from https:\/\/www.demisto.com\/wp-content\/uploads\/2017\/04\/MH-Demisto-Security-Automation-WP.pdf. Demisto. 2017. Security Orchestration and Automation. Retrieved October 11, 2017 from https:\/\/www.demisto.com\/wp-content\/uploads\/2017\/04\/MH-Demisto-Security-Automation-WP.pdf."},{"key":"e_1_2_1_82_1","unstructured":"IBM. IBM Resilient. Retrieve August 20 2017 from https:\/\/www.resilientsystems.com\/. IBM. IBM Resilient. Retrieve August 20 2017 from https:\/\/www.resilientsystems.com\/."},{"key":"e_1_2_1_83_1","volume-title":"Retrieved","author":"Blankership J.","year":"2017","unstructured":"J. Blankership , S. Balaouras , B. Barringham , and R. Birrell . 2017. Breakout Vendors: Security Automation and Orchestration (SAO) . Retrieved October 10, 2017 from https:\/\/www.forrester.com\/report\/Breakout+Vendors+Security+Automation+And+Orchestration+SAO\/-\/E-RES136903. J. Blankership, S. Balaouras, B. Barringham, and R. Birrell. 2017. Breakout Vendors: Security Automation and Orchestration (SAO). Retrieved October 10, 2017 from https:\/\/www.forrester.com\/report\/Breakout+Vendors+Security+Automation+And+Orchestration+SAO\/-\/E-RES136903."},{"key":"e_1_2_1_84_1","volume-title":"Retrieved","author":"Forte D.","year":"2017","unstructured":"D. Forte . 2017 . Security Orchestration 8 Automation: Parsing the Options . Retrieved September, 2017 from https:\/\/www.darkreading.com\/threat-intelligence\/security-orchestration-and-automation-parsing-the-options\/a\/d-id\/1329886?piddl_msgid=329392. D. Forte. 2017. Security Orchestration 8 Automation: Parsing the Options. Retrieved September, 2017 from https:\/\/www.darkreading.com\/threat-intelligence\/security-orchestration-and-automation-parsing-the-options\/a\/d-id\/1329886?piddl_msgid=329392."},{"key":"e_1_2_1_85_1","volume-title":"Security Automation and Orchestration","author":"SWIMLANE.","year":"2017","unstructured":"SWIMLANE. Security Automation and Orchestration . October 11, 2017 from https:\/\/swimlane.com\/use-cases\/security-orchestration-for-automated-defense\/. SWIMLANE. Security Automation and Orchestration. October 11, 2017 from https:\/\/swimlane.com\/use-cases\/security-orchestration-for-automated-defense\/."},{"key":"e_1_2_1_86_1","volume-title":"Retrieved","author":"THREATCONNECT.","year":"2017","unstructured":"THREATCONNECT. Security Automation and Orchestration . Retrieved October 20, 2017 from https:\/\/www.threatconnect.com\/security-automation-orchestration\/. THREATCONNECT. Security Automation and Orchestration. Retrieved October 20, 2017 from https:\/\/www.threatconnect.com\/security-automation-orchestration\/."},{"key":"e_1_2_1_87_1","volume-title":"Respond to Incidents in Seconds\u2014Not Days. Retrieved","year":"2017","unstructured":"LogRhythm. Security Automation and Orchestration , Respond to Incidents in Seconds\u2014Not Days. Retrieved November 3, 2017 from https:\/\/logrhythm.com\/solutions\/security\/security-automation-and-orchestration\/. LogRhythm. Security Automation and Orchestration, Respond to Incidents in Seconds\u2014Not Days. Retrieved November 3, 2017 from https:\/\/logrhythm.com\/solutions\/security\/security-automation-and-orchestration\/."},{"key":"e_1_2_1_88_1","volume-title":"Application (Threat Intelligence, Network Forensics, Ticketing Solutions, and Compliance Management), Deployment Mode, End User, and Vertical, Region\u2014Global Forecast to","author":"Market R. A.","year":"2021","unstructured":"R. A. Market . 2016. Security Orchestration Market by Component (Solution and Service) , Application (Threat Intelligence, Network Forensics, Ticketing Solutions, and Compliance Management), Deployment Mode, End User, and Vertical, Region\u2014Global Forecast to 2021 . Retrieved November 4, 2017 from https:\/\/www.researchandmarkets.com\/research\/jcmnbx\/security. R. A. Market. 2016. Security Orchestration Market by Component (Solution and Service), Application (Threat Intelligence, Network Forensics, Ticketing Solutions, and Compliance Management), Deployment Mode, End User, and Vertical, Region\u2014Global Forecast to 2021. Retrieved November 4, 2017 from https:\/\/www.researchandmarkets.com\/research\/jcmnbx\/security."},{"key":"e_1_2_1_89_1","volume-title":"Retrieved","year":"2017","unstructured":"Alienvault. Security Automation 8 Orchestration . Retrieved November 10, 2017 from https:\/\/www.alienvault.com\/solutions\/security-automation-and-orchestration. Alienvault. Security Automation 8 Orchestration. Retrieved November 10, 2017 from https:\/\/www.alienvault.com\/solutions\/security-automation-and-orchestration."},{"key":"e_1_2_1_90_1","volume-title":"Security Orchestration Introduces order and Consistency to your SOC. Retrieved","author":"Orchestration SIEMPLIFY.","year":"2017","unstructured":"SIEMPLIFY. Automation 8 Orchestration , Security Orchestration Introduces order and Consistency to your SOC. Retrieved November 1, 2017 from https:\/\/www.siemplify.co\/security-orchestration-automation. SIEMPLIFY. Automation 8 Orchestration, Security Orchestration Introduces order and Consistency to your SOC. Retrieved November 1, 2017 from https:\/\/www.siemplify.co\/security-orchestration-automation."},{"key":"e_1_2_1_91_1","volume-title":"Retrieved","year":"2018","unstructured":"MarketsANDMarkets. Security Orchestration Market worth 1682.4 Million USD by 2021 . Retrieved January 12, 2018 from https:\/\/www.marketsandmarkets.com\/PressReleases\/security-orchestration.asp. MarketsANDMarkets. Security Orchestration Market worth 1682.4 Million USD by 2021. Retrieved January 12, 2018 from https:\/\/www.marketsandmarkets.com\/PressReleases\/security-orchestration.asp."},{"key":"e_1_2_1_92_1","volume-title":"Retrieved","author":"Kleyman B.","year":"2014","unstructured":"B. Kleyman . 2014 . Security Orchestration\u2014From Data Center to Cloud . Retrieved October 10, 2017 from https:\/\/blog.algosec.com\/2014\/04\/security-orchestration-data-center-cloud.html B. Kleyman. 2014. Security Orchestration\u2014From Data Center to Cloud. Retrieved October 10, 2017 from https:\/\/blog.algosec.com\/2014\/04\/security-orchestration-data-center-cloud.html"},{"key":"e_1_2_1_93_1","volume-title":"Retrieved","author":"Greenfield D.","year":"2017","unstructured":"D. Greenfield . 2017 . Should OT Follow IT's Centralized Security Orchestration ? Retrieved October 12, 2017 from https:\/\/www.automationworld.com\/should-ot-follow-its-centralized-security-orchestration. D. Greenfield. 2017. Should OT Follow IT's Centralized Security Orchestration? Retrieved October 12, 2017 from https:\/\/www.automationworld.com\/should-ot-follow-its-centralized-security-orchestration."},{"key":"e_1_2_1_94_1","volume-title":"Retrieved","author":"Weeden P.","year":"2017","unstructured":"P. Weeden . 2017 . Security Orchestration for Improved Incident Response . Retrieved October 12, 2017 from https:\/\/www.foration.com\/blog\/security-orchestration-improved-incident-response. P. Weeden. 2017. Security Orchestration for Improved Incident Response. Retrieved October 12, 2017 from https:\/\/www.foration.com\/blog\/security-orchestration-improved-incident-response."},{"key":"e_1_2_1_95_1","volume-title":"Remediation and Analytics. Retrieved","year":"2017","unstructured":"RiskVision. 2017 . RiskVision Launches First Out-of-the-Box Security Orchestration Solution with Business, IT and Security Collaboration , Remediation and Analytics. Retrieved October 12, 2017 from https:\/\/www.riskvisioninc.com\/riskvision-launches-first-box-security-orchestration-solution-business-security-collaboration-remediation-analytics\/. RiskVision. 2017. RiskVision Launches First Out-of-the-Box Security Orchestration Solution with Business, IT and Security Collaboration, Remediation and Analytics. Retrieved October 12, 2017 from https:\/\/www.riskvisioninc.com\/riskvision-launches-first-box-security-orchestration-solution-business-security-collaboration-remediation-analytics\/."},{"key":"e_1_2_1_96_1","volume-title":"Retrieved","year":"2016","unstructured":"CyberSponse. 2016 . How to Measure the ROI of Security Orchestration and Automation . Retrieved October 13, 2017 from https:\/\/cybersponse.com\/how-to-measure-the-roi-of-security-orchestration-and-automation. CyberSponse. 2016. How to Measure the ROI of Security Orchestration and Automation. Retrieved October 13, 2017 from https:\/\/cybersponse.com\/how-to-measure-the-roi-of-security-orchestration-and-automation."},{"key":"e_1_2_1_97_1","volume-title":"Retrieved","author":"Bhadra S.","year":"2015","unstructured":"S. Bhadra . 2015 . Process as Code: Security Ops Orchestration for a Brave New World . Retrieved October 13, 2017 from https:\/\/techcrunch.com\/2016\/03\/06\/process-as-code-security-ops-orchestration-for-a-brave-new-world\/. S. Bhadra. 2015. Process as Code: Security Ops Orchestration for a Brave New World. Retrieved October 13, 2017 from https:\/\/techcrunch.com\/2016\/03\/06\/process-as-code-security-ops-orchestration-for-a-brave-new-world\/."},{"key":"e_1_2_1_98_1","volume-title":"Retrieved","year":"2018","unstructured":"Cylance. Security Orchestration and Automation Engineer . Retrieved January 17, 2018 from https:\/\/www.linkedin.com\/jobs\/view\/security-orchestration-and-automation-engineer-at-cylance-inc.-470600981. Cylance. Security Orchestration and Automation Engineer. Retrieved January 17, 2018 from https:\/\/www.linkedin.com\/jobs\/view\/security-orchestration-and-automation-engineer-at-cylance-inc.-470600981."},{"key":"e_1_2_1_99_1","volume-title":"Environments. Retrieved","author":"Musthaler L.","year":"2013","unstructured":"L. Musthaler . 2013 . Automate Security Orchestration Across Platforms , Environments. Retrieved October 13, 2017 from https:\/\/www.networkworld.com\/article\/2163387\/infrastructure-management\/automate-security-orchestration-across-platforms-environments.html. L. Musthaler. 2013. Automate Security Orchestration Across Platforms, Environments. Retrieved October 13, 2017 from https:\/\/www.networkworld.com\/article\/2163387\/infrastructure-management\/automate-security-orchestration-across-platforms-environments.html."},{"key":"e_1_2_1_100_1","volume-title":"Retrieved","author":"Security H. N.","year":"2016","unstructured":"H. N. Security . 2016 . Security Orchestration and Automation: Closign the Gap in Incident Response . Retrieved October 19, 2017 from https:\/\/www.helpnetsecurity.com\/2016\/10\/07\/security-orchestration\/. H. N. Security. 2016. Security Orchestration and Automation: Closign the Gap in Incident Response. Retrieved October 19, 2017 from https:\/\/www.helpnetsecurity.com\/2016\/10\/07\/security-orchestration\/."},{"key":"e_1_2_1_101_1","unstructured":"ForeScout. Automating System - Wide Security Response through Orchestration. White Paper. Retrieved from https:\/\/www.forescout.com\/wp-content\/uploads\/2018\/07\/FS-WP-Automating_System-Wide_Security-Orchestration_073118.pdf. ForeScout. Automating System - Wide Security Response through Orchestration. White Paper. Retrieved from https:\/\/www.forescout.com\/wp-content\/uploads\/2018\/07\/FS-WP-Automating_System-Wide_Security-Orchestration_073118.pdf."},{"key":"e_1_2_1_102_1","unstructured":"R. Howard. The Next Board Problem: Automatic Enterprise Security Orchestration\u2014A Radical Change in Direction. Report. Paloalto Networks. R. Howard. The Next Board Problem: Automatic Enterprise Security Orchestration\u2014A Radical Change in Direction. Report. Paloalto Networks."},{"key":"e_1_2_1_103_1","volume-title":"Retrieved","author":"Wellins M.","year":"2017","unstructured":"M. Wellins . Orchestrating Security Policies - Microsegmentation vs Legacy Coonects - Heterogeneous Networks and Hybrid Clouds . Retrieved November 10, 2017 form https:\/\/www.tufin.com\/resources\/videos\/video-tufin-orchestrating-security-policies-across-physical-networks-hybrid-cloud. M. Wellins. Orchestrating Security Policies - Microsegmentation vs Legacy Coonects - Heterogeneous Networks and Hybrid Clouds. Retrieved November 10, 2017 form https:\/\/www.tufin.com\/resources\/videos\/video-tufin-orchestrating-security-policies-across-physical-networks-hybrid-cloud."},{"key":"e_1_2_1_104_1","volume-title":"Retrieved","author":"HEXADITE.","year":"2017","unstructured":"HEXADITE. What Is Security Automation? A Guide for an Evolving Landscape . Retrieved October 31, 2017 from http:\/\/Hexadite.com. HEXADITE. What Is Security Automation? A Guide for an Evolving Landscape. Retrieved October 31, 2017 from http:\/\/Hexadite.com."},{"key":"e_1_2_1_105_1","volume-title":"Retrieved","author":"HEXADITE.","year":"2017","unstructured":"HEXADITE. Evaluating Security Orchestration and Automation Solutions . Retrieved October 23, 2017 from http:\/\/Hexadite.com. HEXADITE. Evaluating Security Orchestration and Automation Solutions. Retrieved October 23, 2017 from http:\/\/Hexadite.com."},{"key":"e_1_2_1_106_1","volume-title":"Retrieved","author":"HEXADITE.","year":"2017","unstructured":"HEXADITE. Security orchestraiton and Automation: Closing the gap in incident response . Retrieved October 21, 2017 from htttp:\/\/Hexadite.com. HEXADITE. Security orchestraiton and Automation: Closing the gap in incident response. Retrieved October 21, 2017 from htttp:\/\/Hexadite.com."},{"key":"e_1_2_1_107_1","volume-title":"Retrieved","year":"2018","unstructured":"Microsoft. Windows Defender Advanced Threat Protection . Retrieved January 21, 2018 from https:\/\/www.microsoft.com\/en-us\/windowsforbusiness\/windows-atp. Microsoft. Windows Defender Advanced Threat Protection. Retrieved January 21, 2018 from https:\/\/www.microsoft.com\/en-us\/windowsforbusiness\/windows-atp."},{"key":"e_1_2_1_108_1","volume-title":"Retrieved","year":"2017","unstructured":"FireEye. Security Orchestration\u2014Best Practice for any Organization . Retrieved November 21, 2017 from https:\/\/www.fireeye.com\/solutions\/security-orchestrator\/wp-best-practices-in-orchestration.html. FireEye. Security Orchestration\u2014Best Practice for any Organization. Retrieved November 21, 2017 from https:\/\/www.fireeye.com\/solutions\/security-orchestrator\/wp-best-practices-in-orchestration.html."},{"key":"e_1_2_1_109_1","volume-title":"Retrieved","year":"2017","unstructured":"FireEye. Security Orchestration In Action: Integrate -- Automate --Manage . Retrieved November 20, 2017 from https:\/\/www2.fireeye.com\/Webinar-FSO-EMEA.html?utm_source=fireeye8utm_medium=webinar-page. FireEye. Security Orchestration In Action: Integrate -- Automate --Manage. Retrieved November 20, 2017 from https:\/\/www2.fireeye.com\/Webinar-FSO-EMEA.html?utm_source=fireeye8utm_medium=webinar-page."},{"key":"e_1_2_1_110_1","volume-title":"Retrieved","year":"2017","unstructured":"Komand. Security Automation Best Practice . Retrieved October 21, 2017 from https:\/\/www.komand.com\/. Komand. Security Automation Best Practice. Retrieved October 21, 2017 from https:\/\/www.komand.com\/."},{"key":"e_1_2_1_111_1","unstructured":"ForeScout. ForeScout Agentless Visibility and Control. White Paper. Retrieved from https:\/\/www.forescout.com\/wp-content\/uploads\/2018\/08\/Agentless-Visibility-and-Control-ForeScout-White-Paper.pdf. ForeScout. ForeScout Agentless Visibility and Control. White Paper. Retrieved from https:\/\/www.forescout.com\/wp-content\/uploads\/2018\/08\/Agentless-Visibility-and-Control-ForeScout-White-Paper.pdf."},{"key":"e_1_2_1_112_1","unstructured":"ForeScout. Protecting the connection lifecycle\u2014Extening visibility control and orchestration beyond cyber security environments. White Paper. Retrieved from https:\/\/www.forescout.com\/wp-content\/uploads\/2017\/04\/Protecting-the-Connection-Lifecycle-ForeScout-White-Paper.pdf. ForeScout. Protecting the connection lifecycle\u2014Extening visibility control and orchestration beyond cyber security environments. White Paper. Retrieved from https:\/\/www.forescout.com\/wp-content\/uploads\/2017\/04\/Protecting-the-Connection-Lifecycle-ForeScout-White-Paper.pdf."},{"key":"e_1_2_1_113_1","unstructured":"ForeScout. ForeScout CounterACT\u2014Advanced endpoint visibility for ITAM and CMDB. White Paper. ForeScout. ForeScout CounterACT\u2014Advanced endpoint visibility for ITAM and CMDB. White Paper."},{"key":"e_1_2_1_114_1","volume-title":"Retrieved","year":"2017","unstructured":"Demisto. Collaborative and Automated Security Operations - A comprehensive Incident Management Platform . Retrieved October 20, 2017 from https:\/\/www.demisto.com\/. Demisto. Collaborative and Automated Security Operations - A comprehensive Incident Management Platform. Retrieved October 20, 2017 from https:\/\/www.demisto.com\/."},{"key":"e_1_2_1_115_1","volume-title":"Retrieved","year":"2017","unstructured":"Demisto. Security Automation and Orchestration\u2014The Human Perspective . Retrieved October 20, 2017 from https:\/\/www.demisto.com\/. Demisto. Security Automation and Orchestration\u2014The Human Perspective. Retrieved October 20, 2017 from https:\/\/www.demisto.com\/."},{"key":"e_1_2_1_116_1","unstructured":"IBM Resilient. Orchestration Platform. Retrieved October 23 2017 from https:\/\/www.resilientsystems.com\/our-platform\/ir-orchestration-platform\/. IBM Resilient. Orchestration Platform. Retrieved October 23 2017 from https:\/\/www.resilientsystems.com\/our-platform\/ir-orchestration-platform\/."},{"key":"e_1_2_1_117_1","unstructured":"SWIMLANE. Security Orchestration | What is Security Orchestration? Retrieved October 20 2017 from https:\/\/swimlane.com\/solutions\/security-automation-and-orchestration\/security-orchestration\/. SWIMLANE. Security Orchestration | What is Security Orchestration? Retrieved October 20 2017 from https:\/\/swimlane.com\/solutions\/security-automation-and-orchestration\/security-orchestration\/."},{"key":"e_1_2_1_118_1","volume-title":"Retrieved","author":"Stern A.","year":"2017","unstructured":"A. Stern . 2017 . Security Orchestration is more than Automation . Retrieved September 24, 2017 from https:\/\/www.siemplify.co\/blog\/security-orchestration-automation-myth-unmanned-soc. A. Stern. 2017. Security Orchestration is more than Automation. Retrieved September 24, 2017 from https:\/\/www.siemplify.co\/blog\/security-orchestration-automation-myth-unmanned-soc."},{"key":"e_1_2_1_119_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2011.01.004"},{"key":"e_1_2_1_120_1","unstructured":"M. B. Miles and A. M. Huberman. 1994. Qualitative Data Analysis: An Expanded Sourcebook. SAGE. M. B. Miles and A. M. Huberman. 1994. Qualitative Data Analysis: An Expanded Sourcebook. SAGE."},{"key":"e_1_2_1_121_1","unstructured":"C. Invotas. Invotas Security Orchestrator. September 21 2017 from http:\/\/invotas.csgi.com\/. C. Invotas. Invotas Security Orchestrator. September 21 2017 from http:\/\/invotas.csgi.com\/."},{"key":"e_1_2_1_122_1","volume-title":"Retrieved","author":"Jeff K.","year":"2017","unstructured":"K. Jeff . 2017 . The Fast-Growing Job with A Huge Skills Gap: Cyber Security . Retrieved November 14, 2017 from https:\/\/www.forbes.com\/sites\/jeffkauflin\/2017\/03\/16\/the-fast-growing-job-with-a-huge-skills-gap-cybersecurity\/#40a325c15163 K. Jeff. 2017. The Fast-Growing Job with A Huge Skills Gap: Cyber Security. Retrieved November 14, 2017 from https:\/\/www.forbes.com\/sites\/jeffkauflin\/2017\/03\/16\/the-fast-growing-job-with-a-huge-skills-gap-cybersecurity\/#40a325c15163"},{"key":"e_1_2_1_123_1","unstructured":"C. Seek. Retrieved November 20 2017 from http:\/\/cyberseek.org\/index.html#about. C. Seek. Retrieved November 20 2017 from http:\/\/cyberseek.org\/index.html#about."},{"key":"e_1_2_1_124_1","volume-title":"Retrieved","author":"Market R. A.","year":"2016","unstructured":"R. A. Market . 2016 . Security Orchestration Market to Reach &dollar;1.6 Billion by 2021 - Rise in Security Breaches 8 Incidents - Research and Markets . Retrieved November 21, 2017 from https:\/\/www.prnewswire.com\/news-releases\/security-orchestration-market-to-reach-16-billion-by-2021\u2014rise-in-security-breaches--incidents\u2014research-and-markets-300373845.html. R. A. Market. 2016. Security Orchestration Market to Reach &dollar;1.6 Billion by 2021 - Rise in Security Breaches 8 Incidents - Research and Markets. Retrieved November 21, 2017 from https:\/\/www.prnewswire.com\/news-releases\/security-orchestration-market-to-reach-16-billion-by-2021\u2014rise-in-security-breaches--incidents\u2014research-and-markets-300373845.html."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3305268","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3305268","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:58:09Z","timestamp":1750208289000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3305268"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,4,30]]},"references-count":123,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2020,3,31]]}},"alternative-id":["10.1145\/3305268"],"URL":"https:\/\/doi.org\/10.1145\/3305268","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,4,30]]},"assertion":[{"value":"2018-02-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-01-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-04-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}