The release of a Gartner Market Guide or Gartner Magic Quadrant is always eagerly anticipated by security vendors as well as organizations looking to purchase security solutions. We all look forward to reading how Gartner’s analysts synthesize the information they are hearing from both clients and vendors and pull it all together in a useful, easy-to-read document full of insights and recommendations.
The security orchestration, automation and response (SOAR) category, being a newer security category, does not yet have a Magic Quadrant. But just released is the Gartner 2020 Market Guide for Security Orchestration, Automation and Response Solutions. This guide builds on the 2019 SOAR Market Guide and provides insight into emerging trends, market direction and vendor dynamics within the SOAR space. If you’re considering an automation solution, this year’s SOAR market guide is required reading.
In our view, some key takeaways from the Gartner SOAR Market Guide include:
- What is the value of SOAR? Simply put, SOAR allows for better decisions and faster response. In today’s reality of budget pressures, staff shortages and tool proliferation, with the resulting overload of events and alerts and the complexity and redundancy of tools, SOAR becomes the primary vehicle to solve these issues. SOAR solutions support investigations and the selection of the best workflow to respond to incidents, all at machine speeds. SOAR can automate workflow execution to respond to incidents, significantly reducing the time to respond.
- Who buys SOAR solutions? The typical buyers are twofold: large security teams in organizations with security operations centers (SOC) and security services providers, which include managed security services providers (MSSPs) and managed detection and response (MDR) providers. In fact, SOAR is becoming ubiquitous among MSSPs and MDR providers.
- What are the main drivers to implementing SOAR? For enterprises, the drivers include general productivity, efficiency and consistency improvements in security operations centers. For managed services providers, the drivers include improved client interactions, speed and consistency when detecting and responding to threats. The most common use cases include SOC optimization, threat monitoring, investigation and response, and threat intelligence (TI) management.
- What are the key requirements of SOAR solutions? Gartner states that orchestration and automation, basic incident/case management, and operationalizing threat intelligence are considered table stakes.
- How is SOAR being used? According to Gartner, “SOAR tools are mostly used for incident response and the workflow, security automation and orchestration of workflows, or the combination of the two. TI management in SOAR tools is increasingly becoming native functionality in SOAR tools outside those that were initiated primarily as TIPs; however, it is still not a main driver for buyers.”
- What about other tools that offer orchestration and automation? Gartner notes that other security solutions, like XDR and SIEM, are adding SOAR capabilities, as they have similar use cases. However, buyers looking for a best-of-breed solution will find that broad-based SOAR solutions will better provide the flexibility, vendor-neutrality and room for the non-security use cases they need.
- What’s different in the 2020 Gartner SOAR Market Guide versus last year’s guide? Many of the recommendations that Gartner noted last year remain true this year, especially around how to prepare for SOAR implementation. However, Gartner stresses preparedness this year, especially making sure processes are defined and in place beforehand and allocating adequate resources, not only for implementation but also for ongoing operations. New this year is Gartner’s recommendation on open APIs. Organizations should demand open APIs of their security vendors’ products, as integrating their security stack with their SOAR solution is critical to achieving the full set of capabilities and benefits that SOAR solutions can deliver.