Analyst house Gartner, Inc. recently released its 2020 Market Guide for Security Orchestration, Automation and Response (SOAR) Solutions. The researchers’ Market Guide series covers new and emerging technology markets as both the solutions and enterprise requirements evolve.
According to Gartner itself, “With the focus on early, more chaotic markets, a Market Guide does not rate or position vendors within the market, but rather more commonly outlines attributes of representative vendors that are providing offerings in the market to give further insight into the market itself.”
Therefore, while the 2020 Market Guide for SOAR does feature vendors-to-watch profiles, that isn’t the main focus of the report. Instead, it explores a broad overview of the SOAR as a technology, including its key capabilities and likely evolutions as more businesses adopt it.
At Solutions Review, we read the report and pulled out the key takeaways. Here they are.
Key Findings from Gartner’s 2020 Market Guide for SOAR
Gartner mentions the following providers in their SOAR Market Guide: Anomali, Cyware, D3 Security, DFLabs, EclecticIQ, FireEye, Fortinet (CyberSponse), Honeycomb, IBM Security, LogicHub, Micro Focus (ATAR Labs), Palo Alto Networks (Cortex XSOAR), Rapid7, ServiceNow, Siemplify, Splunk, Swimlane, ThreatConnect, ThreatQuotient, and Tines.
In the new Market Guide, Gartner defines SOAR as “solutions that combine incident response, orchestration and automation, and threat intelligence (TI) management capabilities in a single platform. SOAR tools are also used to document and implement processes (aka playbooks, workflows and processes).” This represents a significant change from the previous definition offered by researchers; in 2019, they defined SOAR as “technologies that enable organizations to take inputs from a variety of sources (mostly from security information and event management [SIEM] systems) and apply workflows aligned to processes and procedures.”
Also, Gartner notes the importance of incident triage and compliance monitoring as capabilities in SOAR solutions. Overall, Gartner reports the SOAR market growing steadily, but it remains most visible in larger enterprises with mature security operations. SIEM providers are developing or acquiring SOAR technologies to pair with their other technologies.
Perhaps the latter observation doesn’t surprise; according to Gartner, the demand for SIEM technology remains strong with threat management being the main driver of that demand. SOAR technology supplements threat investigation and integration. It can also improve service delivery and response capabilities, both of which prove essential to modern cybersecurity.
Gartner Recommendations on SOAR
In addition to its analysis in the 2020 Market Guide for SOAR, Gartner researchers provide several recommendations for businesses looking to adopt the technology. Among these recommendations, Gartner strongly contends that businesses establish processes before deploying SOAR’s automation capabilities. Further, enterprises must prepare to invest in their SOAR solutions; both initial deployment and ongoing maintenance need adequate resources for optimal performance. Moreover, researchers note enterprises should investigate the requirements for the use of a SOAR tool; this will drive initial and subsequent use cases.
Enterprises can start that process by downloading our SOAR Buyer’s Guide. We cover the top providers and their key capabilities in detail. Each profile comes with a Bottom Line analysis of the vendor as well.
Latest posts by Ben Canner (see all)
- Is It To Early to Think about Business SIEM in 2021? - October 22, 2020
- Gartner Names 4 Cool Vendors in Security Operations and Threat Intelligence - October 19, 2020
- Micro Focus Reveals 2020 State of Security Operations Report - October 19, 2020