GigaOm Radar for Security Orchestration, Automation, and Responsev2.0

Table of Contents

  1. Summary
  2. Market Categories and Deployment Types
  3. Key Criteria Comparison
  4. GigaOm Radar
  5. Vendor Insights
  6. Analyst’s Take
  7. About Andrew Green

1. Summary

Security orchestration, automation, and response (SOAR) emerged as a product category in the mid-2010s. At that point, SOAR solutions were based on playbooks and integrations. Since then, the platforms have developed beyond the initial core SOAR capabilities to offer more holistic experiences to security analysts, intending to develop SOAR as the main workspace for practitioners.

Newer features offered by this holistic experience include case management, collaboration, simulations, threat enrichment, and visual correlations. Additionally, SOAR vendors have gradually implemented artificial intelligence (AI) and machine learning (ML) technologies to enable their platforms to learn from past events and fine-tune existing processes. This is where evolving threat categorization and autonomous operations become differentiators in the space. While these two metrics are not critical for a SOAR platform, they may offer advantages in terms of reduced mean time to resolution (MTTR), resilience against employee turnover, and overall flexibility.

We’ve observed a lot of acquisition activity in the SOAR space. This was to be expected, considering that, after 2015, a sizable number of pure-play SOAR vendors entered the market. Larger players with a wider security portfolio are acquiring these SOAR-specific vendors to enter the automation and orchestration market. We expect to see more SOAR acquisitions as the security tools converge, very likely into automated security operations management (ASOM) solutions.

ASOM solutions are, in essence, security, information, and event management (SIEM) tools with SOAR-like capabilities. SIEM is a great candidate for a central management platform for security activities. It was designed to be a single source of truth, an aggregator of multiple security logs, but has been historically limited in its ability to carry out actions. However, in the past few years, SIEMs have either started developing their own automation and orchestration engines or integrated with third-party SOAR vendors. Through acquisitions and developments, multiple players with wider security portfolios have begun to offer SOAR capabilities natively as part of other security solutions.

Note: in this report, we’re only featuring vendors that have standalone SOAR solutions. Vendors with SOAR integrated with SIEM will be part of a separate Radar report for ASOM solutions.

We expect SOAR-like features to be further integrated into other products. This will include not only SIEM but also solutions such as extended detection and response (XDR) and IT automation. The number of pure-play SOAR vendors is unlikely to increase, although a handful may carve out their own niche in the security space, especially where large and bulky solutions may not be suitable for the customers.

This GigaOm Radar report highlights key SOAR vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating SOAR Solutions,” we describe in more detail the key features and metrics used to evaluate vendors in this market.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.

Full content available to GigaOm Subscribers.

Sign Up For Free