Revisiting Whether SOAR Will Replace SIEM in Business Cybersecurity

Not long ago, Solutions Review posted “Will SOAR Cybersecurity Replace SIEM in the Near Future?” This article weighed the merits of two of the more complex but still vital branches of the modern cybersecurity tree. Ultimately, we left it to the reader to decide, while exploring the merits of both solutions: SOAR (Security Operations, Automation, and Response) and SIEM (Security Information and Event Management).

Here’s what we said: 

“Some security experts read the rise of SOAR as a response to the problems of SIEM. Indeed, there is some validity to this reading, as SIEM can still pose a labor challenge to the uninitiated or unprepared.

However, this neglects the fact that SOAR solutions often draw from SIEM solutions. After all, SIEM aggregates critical logs and alert information. With it, SOAR would lose a vital source of insight into enterprise networks. Further, SOAR works through integration, binding SIEM to other critical cybersecurity solutions like endpoint security and identity management.”

Meanwhile, in a recent interview, Avi Chesla of empow shared his thoughts on the matter. “SOAR is a collection of features—workflows—that take best practices in the SOC and try to automate them. It tries to answer the question: ‘what do I need to do manually so that I can just automate instead?’”

“I believe that SOAR, as a collection of features, is part of the solution, and should be consolidated with the SIEM and behavioral analytics technologies in order to really provide the top-down SIEM. We’re already seeing that happening through acquisitions such as Palo Alto Networks’ acquisition of Demisto. Specific SOAR capabilities can work top-down, but enterprises can’t rely on SOAR alone.”

Instead, he points out that SOAR works when unified under a language of cybersecurity. 

Where do you fall on the debate? Will SOAR replace SIEM? Download the SIEM Buyer’s Guide and the SOAR Buyer’s Guide and share your thoughts with us on social media.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.