There still isn’t a Gartner Magic Quadrant for SOAR, so here’s what you can do in the meantime.
We hate to break it to you, but there’s no Gartner Magic Quadrant for SOAR – yet. The closest and most detailed piece of Gartner research about the SOAR space is the Gartner Market Guide for SOAR.
Hope isn’t lost, though. In the meantime, use this guide as a starting point for creating your own DIY quadrant for SOAR vendors. Insights and best practices are provided to make your decision easier.
What is SOAR?
Gartner defines SOAR technology as “solutions that combine incident response, orchestration and automation, and threat intelligence platform management capabilities in a single solution”.
SOAR platforms enable organizations to automate and orchestrate their security processes, from threat detection to investigation and response. SOAR solutions integrate with different security technologies such as Security Information and Event Management (SIEM), Extended Detection and Response (XDR), and other security tools.
There is plenty of recent Gartner® research, like the 2022 Market Guide for Security Orchestration, Automation and Response solutions. Their analysis looks at SOAR, “as a pure-play technology, SOAR continues to mature, but remains a relatively niche market. It is being consumed into other markets such as SIEM, XDR and MDR.”
Related reading: Your Guide to SOAR.
What is the Gartner Magic Quadrant?
A magic quadrant is a research methodology and graphical representation used by Gartner to analyze and evaluate technology markets and vendors. It is a two-dimensional grid or matrix that visually represents a market and its key players.
There are two axes that evaluate vendors within specific categories:
- Ability to execute: evaluates the product or services offered, overall viability, customer experience and marketing responsiveness.
- Completeness of vision: evaluates the product/marketing/sales strategy, business model and overall market understanding.
The magic quadrant divides vendors into four quadrants based on their completeness of vision and ability to execute. The ‘completeness of vision’ axis represents how well a vendor understands market trends, and customer needs, and how well they anticipate future developments. The ‘ability to execute’ axis represents how well a vendor delivers on its promises, and its ability to meet customer requirements and expectations.
The four quadrants are:
Leaders: These are vendors who are considered to have a strong ability to execute and a clear vision for the market. They are typically market leaders and have a significant market share.
Challengers: These vendors have a strong ability to execute, but their vision for the market may be less clear. They may have a significant market share, but they may not be as innovative as leaders.
Visionaries: These vendors have a strong vision for the market, but their ability to execute may be less established. They may be smaller companies or startups with innovative technologies.
Niche Players: These vendors may have a limited ability to execute and may have a narrow focus on a specific market niche. They may be small companies with unique offerings.
In the Meantime: Build a DIY SOAR Quadrant
With the basics outlined above, the next step is to evaluate SOAR providers on your own. To make the task easier, here are some key components to analyze when considering a SOAR vendor:
Quantity and Quality of Integrations
Modern SOAR platforms should be adaptable to any organization’s unique needs. Not only should the vendor be able to integrate with any tech stack, but the integrations should also be up-to-date and easy to implement.
Company Size and Maturity
What are the current and future intentions of the SOAR vendor? The worst thing is to invest into a new product only to find out the vendor has extreme growing pains or industry shifts to overcome. A worthwhile SOAR provider will be conscious of its company size – not too large, and not too small. The vendor should also have a clear track record of success and progress throughout time.
Independent or Suite-Focused
SOAR platforms fall into two categories: vendor agnostic and suite-based. If you want full say in what other products are in your security tech stack, a vendor-agnostic SOAR is your best option. There are no surprises down the road with suite requirements or restrictions that can happen with packaged SOAR platforms.
Gartner highlights that SOAR is the combination of three technologies: incident response platforms, security orchestration and automation, and threat intelligence platforms (TIP). SOAR leader’s product offerings should have strong capabilities such as case management and workflow automation.
Reviews on Gartner Peer Insights
Gartner Magic Quadrants and Market Guides are valuable assets during your initial search. Once you’ve narrowed down your options, make sure to read customer reviews on Gartner Peer Insights. It’s a trusted source to ensure the efficacy of a SOAR platform by real customers across industries and company sizes.
The Future of SOAR
SOAR is a rapidly evolving field in cybersecurity that aims to improve the efficiency and effectiveness of security operations by integrating various security tools and technologies into a single platform.
The future of SOAR is likely to be shaped by several trends, including:
Expansion beyond traditional security use cases: SOAR platforms are expected to expand beyond traditional security use cases such as threat detection and incident response. They will likely incorporate capabilities for compliance monitoring, risk management, and other areas of security operations.
Greater customization and flexibility: SOAR platforms are expected to become more customizable and flexible, enabling security teams to tailor their workflows to meet specific needs and requirements.
Integration with endless security tools: As more organizations move their IT infrastructure to the cloud, SOAR platforms are expected to integrate more closely with cloud-based security tools and technologies.
More accessible automation: To combat the growing skills shortage and rapidly changing security demands, SOC teams have turned to low-code SOAR solutions. These platforms make automation easier to utilize, while still providing powerful SOAR capabilities.
While we all patiently wait for the next piece of Gartner research on SOAR, this guide should serve as a clear starting point for vendor comparison. In the meantime, Gartner Peer Insights and the Gartner 2022 Market Guide for SOAR are top resources.
Disclaimer: The opinions mentioned in this blog are our own and are not Gartner’s official position.
Gartner: 2022 Market Guide for SOAR
Are you struggling to keep up with the evolving threat landscape? Plagued with staffing shortages and overworked teams? Organizations continue to adopt SOAR solutions to address these key challenges. Download the 2022 Gartner Market Guide for SOAR to learn more.