We’ve said it before, and we’ll say it again: Security Orchestration, Automation and Response (SOAR) platforms are great tools for helping teams work smarter, faster, and more efficiently against security risks. But, used on their own, SOARs are far from perfect for meeting the full security needs of the modern organization.

With the recent release of build.cfengine.com and cfbs I have been thinking about the process of converting a traditionally manged policy set. I consider a traditionally manged policy set one where you have a repo with the root of masterfiles being the root of the repository, or even having no repository at all and managing masterfiles by editing directly in the distribution point (e.g. /var/cfengine/masterfiles).

Adopting a public cloud platform like AWS has many benefits, but the process of moving your existing automation capabilities between on-prem and the cloud can present challenges and make it difficult to take full advantage of cloud. In fact, in a recent survey conducted by Puppet, we learned that many Puppet users are significantly influencing their organizations’ cloud migration planning, indicating that Puppet can play a key role in cloud migration.

SOAR — or security orchestration, automation and response — is a collection of processes, software and tools that allows teams to streamline security operations. SOAR platforms are a hot topic in the realm of cybersecurity these days, and with good reason.

My mantra with regards to automation has always been, “If you do it more than twice, automate it.” And I stick by that, with a few exceptions. There are some things you should never trust to an automated script.