Todyl Platform Update: SOAR

Samir Jain
April 26, 2024

Introducing the newest feature of the Todyl security platform: Security Orchestration, Automation, and Response, or SOAR. With SOAR, Todyl users can streamline response processes and create repeatable playbooks for dealing with potential threats and protecting their organization.


In today’s cybersecurity landscape, you need to be faster than attackers to keep your environment secure. SOAR streamlines your response capabilities, using pre-built playbooks for more rapid remediation of potential malware, business email compromise (BEC), and other threats.

For example, if an anomalous sign-in is detected on a Microsoft 365 account, SOAR will automatically revoke that user’s sign-in and contact admins to alert them of the issue and changes. Further escalation can be included in playbooks to disable or delete the account if more account takeover actions are detected.

The same is true for potential malware infections, stopping malicious processes without interrupting work activities or isolating an infected host to prevent lateral movement within the organization. With SOAR, you can rest assured your organization can rapidly respond across key attack vectors while also freeing up time for your team to tackle other business goals.

How SOAR works

SOAR builds off Todyl’s existing Case Management functionality to reduce friction in investigation and response processes, freeing you up to tackle other business goals while keeping security top of mind.

This release includes multiple pre-built playbooks that leverage a combination of Todyl Automated Response Actions (TARA) to instantly address threats on endpoints and Microsoft 365 accounts. You can use TARA to create your own playbooks to automate other tasks as well.

Use Simulation Mode within SOAR to test your automations over a 7, 14, or 30-day period, with the option to do so indefinitely as necessary. Simulation Mode allows you to ensure playbooks are working according to your needs.

You can also create Exclusion Lists within your playbooks to ensure specific systems or users that require constant uptime, such as a domain controller or Microsoft 365 managing admin, won’t be affected by a SOAR playbook automated response.

Get started with SOAR

SOAR is available for all tenants in Todyl. It can be added to each tenant through the Cases page and is included and managed automatically for MXDR partners at no extra cost. Todyl partners can learn more about SOAR here.

Stay up to date

Subscribe to receive the latest insights, news, and updates from Todyl.

Additional reading

Threat breakdown: Remote access and credential dumping
5 key elements of effective MDR providers: Beyond just detection and response
Streamlining zero trust security with JumpCloud and Todyl

Todyl updates

Sign-up to get the latest from Todyl sent straight to your inbox.