隨著網際網路的快速發展,勒索軟體攻擊愈發頻繁,這些攻擊往往難以完全阻止。然而企業不僅面臨著日益複雜的資安管理挑戰,同時也遭遇了專業人才的短缺。資安協作自動化應變(SOAR)技術解決方案號稱為能夠改善這些問題,但從企業角度來看,實際驗證SOAR在企業環境中資安防護效益的案例仍然不足,無法讓決策者了解其實際導入效益及評估其導入應用流程。 因此本研究交採用個案研究法,透過分析三個具體的資訊安全應變處理場景,包括TW-ISAC情資應用流程、群組原則設置異常監控應用流程和誘餌檔案異動偵測流程,來實際驗證導入SOAR後的差異與效益。研究結果顯示,應用SOAR系統後,這些場景的處理時間均顯著縮短,從而證明了SOAR技術在整合安全工具及實現流程自動化方面的巨大潛力。透過這些案例分析,本研究不僅證實了SOAR系統在強化企業資安防護和提高安全事件處置效率方面的價值,也為企業資安管理的自動化變革提供了重要的參考。 ;With the rapid development of the Internet, ransomware attacks have become increas-ingly frequent and are often difficult to completely prevent. Companies are not only facing increasingly complex cybersecurity management challenges but also encountering a short-age of professional talent. Security Orchestration, Automation, and Response (SOAR) tech-nology solutions are claimed to address these issues. However, from a corporate perspective, there are still insufficient cases verifying the security benefits of SOAR in enterprise envi-ronments, leaving decision-makers unable to understand its actual implementation benefits and evaluate its application processes. Therefore, this study adopts a case study approach, analyzing three specific cybersecu-rity incident response scenarios: the TW-ISAC intelligence application process, the abnor-mal group policy setting monitoring application process, and the decoy file alteration detec-tion process, to practically verify the differences and benefits after implementing SOAR. The results of the study show that after applying the SOAR system, the processing time for these scenarios was significantly reduced, thereby demonstrating the great potential of SOAR technology in integrating security tools and achieving process automation. Through these case analyses, this study not only confirms the value of the SOAR system in enhancing enterprise cybersecurity protection and improving the efficiency of handling security inci-dents but also provides important references for the automation transformation of corporate cybersecurity management.
