January 24, 2018

Demisto

Gartner brings SOAR to the fore in seminal research report


Last month, Gartner published what we believe to be their most comprehensive research on the Security Orchestration and Automation market to date. In their report, Innovation Insight for Security Orchestration, Automation, and Response (or SOAR), Gartner tracks the evolution of the market over the past few years, coins the term SOAR as a convergence of hitherto different technologies, and describes should-have components for ideal SOAR solutions.

Here, we’ll go through some highlights from the report and discuss what functional components users should look for in SOAR solutions going forward.

SOARing Market Growth

According to Gartner, the share of organizations with security teams larger than five people that will leverage SOAR tools for orchestration and automation will rise from less than 1% today to 15% in 2020. As the security skills shortage persists, alert numbers and attack vectors grow, and product proliferation continues, more organizations will consider SOAR solutions to unlock the full potential of both their analysts and security product suite.   

Technology Convergence

After studying the progress of the market over the past few years, Gartner is witnessing a convergence of three previously distinct technology sectors: security orchestration and automation, incident management and response, and threat intelligence.

Figure: SOAR industry formed by convergence of security orchestration and automation, incident management, and threat intelligence markets

With time, users will realize that security orchestration and automation platforms with native incident management as well as basic in-built threat intelligence form the most efficient nerve centers for SOCs, enabling incident resolution with the highest fidelity, most robust documentation, and least dead time.

 


What Drives SOAR

The chief drivers for SOAR technologies that Gartner identifies are staff shortages, alert fatigue stemming from a surfeit of sources, the increasingly destructive nature of threats, and the need for a central repository and action center for SOCs.

While the former two drivers are security-based, the latter two intersect security with overall business metrics. Destructive threats can cause massive financial loss to organizations, and CISOs are facing pressures to show tangible returns on security investments. SOAR solutions have the potential to strike an ideal balance between improving security posture and reducing business risk.

Mapping Functional Components

Gartner has prescribed four should-have components for SOAR solutions, and summarized capabilities within those components. The components are orchestration, automation, incident management and collaboration, and dashboards and reporting.

Figure: Graphic showing mapping of SOAR components: orchestration, automation, incident management and collaboration, and dashboards and reporting

This is a logical outcome of the technology convergence covered earlier in this blog. While each component set is distinct in features, requirements, and benefits, they feed into each other in a virtuous cycle and form pieces of the complete SOAR jigsaw.

Going forward, users will prefer SOAR solutions that straddle these four security functions, either natively in the platform or through seamless third-party integrations. As these tools continue to form the central consoles for security operations, flexibility will be vital. An ideal SOAR solution will be able to satisfy disparate user sets (analyst, SOC manager, CISO) and handle use cases with varying levels of complexity.


If you’re interested in learning more about Demisto’s approach to SOAR, we invite you to schedule a live demo.

Copyright © 2019   |   DEMISTO - A PALO ALTO NETWORKS COMPANY   |   PRIVACY STATEMENT