Security Orchestration, Automation, and Response Solutions Directory

Below is a SOAR Solutions Directory of the Top 8 Security Orchestration, Automation, and Response Solutions and SOAR software vendors. Each listing includes a solutions overview, plus a few more details to consider along with links to social media. If you would like an easy-to-reference printed version of this SIEM Solutions Directory page, including complete solutions profiles and a list of the top questions to ask in an RFP (Request for Proposal), click here for a Free PDF.

Cyberbit
Solutions Overview

Cyberbit spun out of Elbit Systems in 2015 and offers its own SOAR solution called SOC 3D. SOC 3D focuses on orchestration, automation, and big data investigation, especially for enterprise security operations centers. It also provides a playbook builder for smoother playbook creation and editing, which facilitates incident response against a variety of cyber attacks. Cyberbit also offers solutions such as Cyberbit Range for training and simulation, SCADAShield and SCADAShield Mobile for visibility and detection of threats, and Cyberbit EDR. All of these can integrate with Cyberbit’s SOAR solution to improve your enterprise’s incident detection and response times and thus reduce attacker dwell time.

Download this Directory and get our Free Security Orchestration, Automation, and Response Buyer’s Guide.

More Detail

Cyberbit helps to manage cyber incidents effectively, receiving praise for its many incident management options. In particular, its visualization and threat intelligence capabilities garner praise from customers. Cyberbit also offers price flexibility and easy deployment for enterprises of all sizes, with speedy vendor response for service and support requests. Finally, the quality of its technical support has been noted.

Contact

6600 Chase Oaks Blvd
Plano, Texas
United States
+1 (512) 676-8731
www.cyberbit.com

IBM
Solutions Overview

In addition to its other cybersecurity and identity solutions, IBM offers its IBM Resilient solution for SOAR. IBM Resilient provides workflow, case management, and orchestration and automation capabilities, alongside machine learning. IBM can deliver IBM Resilient via on-premises software or via a Security-as-a-Service (SaaS) model, and it also has an MSSP offering. IBM Resilient forms a part of IBM’s overall X-Force Threat Management Service solution and can therefore leverage the IBM X-Force Exchange. IBM Resilient can accelerate cyber resilience and speed incident response efforts despite challenges like skill shortages.

More Detail

IBM Resilient receives attention for its simple installation and granular programming with powerful collaboration. Customers also note that IBM solutions are user friendly and provide for easy management after deployment; they also provide for easier alert tracking and alert visibility. They integrate well with other firewall solutions and EDR. Moreover, IBM Resilient offers satisfying IT service and support.

Contact

1 New Orchard Rd
Armonk, NY
United States
+1 (800) 426-4968
www.ibm.com

Palo Alto Networks
Solutions Overview

Palo Alto Networks acquired Demisto in early 2019. Since then, they have incorporated the provider into the Cortex XSOAR solution. It continues to emphasize optimizing the efficiency of enterprise security operations by offering a single platform for SOC analysts. This platform allows IT teams to manage incidents, automate and standardize incident response processes, and collaborate on incident investigations. Cortex XSOAR uses its own machine learning capabilities to support functions including incident triage and actionable insight delivery to SOC analysts. For example, Cortex XSOAR Jobs Use Cases can run scheduled VPN checks, threat hunting exercises, and scans for vulnerable applications.

More Detail

Previously, Demisto was mentioned in the Gartner “Cool Vendors in Security Operations and Vulnerability Management” in 2018. Palo Alto Networks appears dedicated to maintaining Demisto’s quality; the solution integrates with over one hundred security products and enables enterprises to build comprehensive and diverse playbooks. It specifically works to help enterprises deal with alert overloads, analyst talent shortages, and lack of product integration.

Contact

3000 Tannery Way
Santa Clara, CA
United States
+1 (866) 320-4788
www.paloaltonetworks.com

Rapid7
Solutions Overview

Rapid7 offers SOAR capabilities via their InsightConnect solution, which helps enterprise security analysts optimize their security operations. It offers a library of several hundred plug-ins and a visual workflow builder that requires little to no code. In terms of automation capabilities, Rapid7’s vulnerability management (InsightVM) and cloud SIEM solutions with embedded UEBA solutions (InsightIDR) allow customers to automate key security processes. It also assists with patching and threat containment. InsightConnect is offered exclusively as a cloud-based solution and is part of Insight, Rapid7’s broader security management platform.

More Detail

Rapid7 offers a visually appealing product that includes actionable reports. They also provide easy implementation, which may take only a few hours as compared to days. Their product, according to customer reviews, is stable with strong IT support. Rapid7 is expanding enhancements for the future. Their SOAR solution draws from their vulnerability management solution, which is also customizable for unique enterprise solutions.

Contact

120 Causeway St
Boston, MA
+1 (617) 247-1717
sales@rapid7.com
info@rapid7.com
www.rapid7.com

Siemplify
Solutions Overview

Siemplify offers an easy-to-use user interface for enterprise SOC activities in its SOAR solution. It also provides context-driven investigation capabilities that visually correlate incidents. Siemplify can group alerts to reduce analyst response time. In fact, Siemplify can provide case management and incident alert flows to SOC analysts. Siemplify uses machine learning capabilities to prioritize and suggest individual members of your team to handle specific incidents based on past experiences. The solution also promotes multi-tenant capabilities for those calling upon managed services. Siemplify’s dashboards and reporting for tracking and SOC metrics include crisis management and analyst collaboration.

More Detail

In 2019, Siemplify released a new version of their SOAR platform, with an eye towards scalability, robustness, and enterprise migration to the cloud. Also in 2019, they received recognition as a finalist in the Black Unicorn Awards, a cybersecurity awards ceremony. They closed $30 million in Series C financing. They also receive recognition for their ease of deployment and their efforts to improve cyber resiliency.

Contact

150 W 22nd St
New York, NY
United States
+1 (877) 487-7222
www.siemplify.com

Splunk
Solutions Overview

Splunk offers its own SOAR solution, Splunk Phantom. Splunk Phantom provides orchestration and automation capabilities along with case management functionality available for deployment via on-premises software. Additionally, it includes centralized visualization through the Phantom Mission Control. Moreover, Splunk Phantom offers a recommendation capability called Mission Guidance. The Splunk licensing model uses an events-per-day (EPD) model, with events only defined by those acted on. Phantom’s flexible app model supports hundreds of tools and thousands of unique APIs. Phantom’s event and case management also allows for rapid triage of events in an automated, semi-automated, or manual fashion.

More Detail

Splunk receives customer praise for its operational intelligence and for its flexibility in security data. In fact, it offers comprehensive dashboards and vital cybersecurity visibility. Splunk offers high customization, especially in its SOC capabilities and in false alarm avoidance. Its SOAR visualization in particular receives attention. Its analytical tools provide real-time data aggregation and workflow collaboration.

Contact

270 Brennan St
San Francisco, CA
United States
+1 (415) 848-8400
www.splunk.com

Swimlane
Solutions Overview

Swimlane’s SOAR platform focuses on the orchestration and automation of existing enterprise security controls and rote tasks. It can interact with hundreds of APIs from an enterprise’s existing technology stack; in fact, Swimlane even allows enterprises to reuse existing scripts. Among their numerous capabilities, Swimlane clients can develop playbooks that visually represent complicated security operations workflows using a drag-and-drop paradigm. Additionally, Swimlane enables analytics and automation to be incorporated into security operations. Swimlane’s SOAR solution works to provide cybersecurity consistency and more accuracy for enterprise IT security teams.

More Detail

Swimlane received recognition as a finalist in the inaugural Black Unicorn Awards, and in the InfoSec Awards for 2019 specifically for its SOAR capabilities. In addition, Swimlane recently raised $23 million of Series B funding. In 2019, they integrated with Microsoft, and they continue to innovate their scalable solution to respond to alert fatigue and the cybersecurity staffing crisis. Their solution is described as easy to deploy and highly customizable.

Contact

363 Centennial Pkwy
Louisville, CO
United States
+1 (844) 794-6526
www.swimlane.com

ThreatConnect
Solutions Overview

ThreatConnect’s SOAR solution offers a unique product architecture bringing both threat intelligence platforms and security orchestration and automation to bear. In addition, ThreatConnect provides a large ecosystem of integrations. This intelligence, drawn from both internal components and third parties, can be applied to enterprise security processes and workflows. In terms of SOAR, ThreatConnect continues to expand its threat intelligence to provide critical orchestration and automation capabilities. It also allows for in-depth documentation and for the quick identification of false positives.

More Detail

In 2019, ThreatConnect was named an Excellence Award finalist in Customer Service for the 2020 SC Awards; this indicates their level of IT service and support for enterprises. Additionally, it won an award from CyberSecurity Breakthrough for its SOAR solution, and was named to the Inc. 5000 for the second year. It offers highly customizable workflows and a strong threat intelligence platform as part of its SOAR offering.

Contact

3865 Wilson Blvd
Arlington, VA
United States
+1 (703) 229-4240
www.threatconnect.com