Security Orchestration, Automation, and Response Solutions Directory

Below is a SOAR Solutions Directory of the Top 8 Security Orchestration, Automation, and Response Solutions and SOAR software vendors. Each listing includes a solutions overview, plus a few more details to consider along with links to social media. If you would like an easy to reference printed version of this SOAR Solutions Directory page including complete solutions profiles and a list of the top questions to ask in an RFP – Request for Proposal, click here for a Free PDF.

Solutions Overview

Chronicle offers an easy-to-use user interface for enterprise SOC activities in its Chronicle SOAR solution. The product provides context-driven investigation capabilities that visually correlate incidents. Siemplify can group alerts to reduce analyst response time as well. The tool features case management and incident alert flows to SOC analysts, and utilizes machine learning to prioritize and suggest incident response handling based on past experience. Siemplify’s dashboards and reporting are designed for tracking and SOC metrics like crisis management and analyst collaboration.

Download this Directory and get our Free Security Orchestration, Automation, and Response Buyer’s Guide.

Chronicle and its Chronicle SOAR platform are the result of Google’s acquisition of Siemplify.

Cyberbit
Solutions Overview

Cyberbit spun out of Elbit Systems in 2015, and offers their own SOAR solution called SOC 3D. SOC 3D focuses on orchestration, automation, and big data investigation especially for enterprise security operations centers; additionally, it also provides a playbook builder for smoother playbook creation and editing; this facilitates incident response against a variety of cyber attacks. Further, Cyberbit also offers solutions such as Cyberbit Range for training and simulation, SCADAShield and SCADAShield Mobile for visibility and detection of threats, and Cyberbit EDR. All of these can integrate with Cyberbit’s SOAR solution to improve your enterprise’s incident detection and response times and thus reduce attacker dwell time.

Cyberbit helps to manage cyber incidents effectively and receives praise for its many incident management options. In particular, its visualization and threat intelligence capabilities garner praise from customers. Cyberbit also offers price flexibility and easy deployment for enterprises of all sizes, with speedy vendor response for service and support requests. Finally, the quality of its technical support has been noted.

Solutions Overview

In addition to its other cybersecurity and identity solutions, IBM offers its IBM Resilient solution for SOAR. IBM Resilient provides workflow, case management, and orchestration and automation capabilities. It focuses on case management, orchestration and automation capabilities, alongside machine learning. IBM can deliver IBM Resilient via on-premises software or via a Security-as-a-Service (SaaS) model, and it also offers an MSSP offering. IBM Resilient forms a part of IBM’s overall X-Force Threat Management Service solution. Therefore, it can leverage the IBM X-Force Exchange. IBM Resilient can accelerate cyber resilience and speed incident response efforts through challenges like skill shortages.

IBM Resilient receives attention for its simple installation and granular programming with powerful collaboration. Customers also note that IBM solutions are user friendly and provide for easy management after deployment; they also provide for easier alert tracking and alert visibility. They integrate well with other firewall solutions and EDR. Moreover, IBM Resilient offers satisfying IT service and support.

Solutions Overview

Logsign is a global cybersecurity vendor focusing on automation-driven SIEM and SOAR products and value-added services. They are located in The Hague, Netherlands, San Francisco US and İstanbul, Turkey.

Logsign offers a security driven logging solution that can integrate with hundreds of vendors over tens of protocols. As a vendor agnostic company, they supply vast support to new/custom logging formats. Logsign installations can scale from a single server installation to tens of servers both vertically and horizontally in an almost linear fashion.

Palo Alto Networks
Solutions Overview

Palo Alto Networks acquired Demisto in early 2019. Since then, they incorporated the provider into the Cortex XSOAR solution. It continues to emphasize optimizing the efficiency of enterprise security operations by offering a single platform for SOC analysts. This platform allows for IT teams to manage incidents, automate, and standardize incident response processes, and collaborate on incident investigations. Cortex XSOAR uses its own machine learning capabilities to support functions including incident triage and actionable insight delivery to SOC analysts. For example, Cortex XSOAR Jobs Use Cases can run scheduled VPN checks, threat hunting exercises, and scans for vulnerable applications.

Previously, Demisto was mentioned in the Gartner “Cool Vendors in Security Operations and Vulnerability Management” in 2018. Palo Alto Networks appears dedicated to maintaining Demisto’s quality; the solution integrates with over one hundred security products and enables enterprises to build comprehensive and diverse playbooks. It specifically works to help enterprises deal with alert overloads, analyst talent shortages, and lack of product integration.

Rapid7
Solutions Overview

Rapid7 offers SOAR capabilities via their InsightConnect solution. The InsightConnect solution helps enterprise security analysts optimize their security operations. They offer a library of several hundred plug-ins and a visual workflow builder that requires little to no code. In terms of automation capabilities, Rapid7’s vulnerability management (InsightVM) and cloud SIEM solutions with embedded UEBA solutions (InsightIDR) allow customers to automate key security processes. It also assists with patching and threat containment. InsightConnect is offered as an exclusive cloud-based solution. The InsightConnect solution is part of Insight, Rapid7’s broader security management platform.

Rapid7 offers a visually appealing solution and includes actionable reports. They also provide easy implementation, which may take only a few hours as compared to days. Their product, according to customer reviews, is stable with strong IT support. Rapid7 is expanding enhancements for the future. Their SOAR solution draws from their vulnerability management solution, which is also customizable for unique enterprise solutions.

Splunk
Solutions Overview

Splunk offers its own SOAR solution, Splunk Phantom. Splunk Phantom provides orchestration and automation capabilities along with case management functionality available for deployment via on-premises software. Additionally, it includes centralized visualization through the Phantom Mission Control. Moreover, Splunk Phantom offers a recommendation capability called Mission Guidance. The Splunk licensing model uses an events-per-day (EPD) model, with events only defined by those acted on. Phantom’s flexible app model supports hundreds of tools and thousands of unique APIs. Phantom’s event and case management also allows for rapid triage of events in an automated, semi-automated, or manual fashion.

Splunk receives customer praise for its operational intelligence and for its flexibility in security data. In fact, it offers comprehensive dashboards and vital cybersecurity visibility. Splunk offers high customization, especially in its SOC capabilities and in false alarm avoidance. Its SOAR visualization especially receives attention. Its analytical tools provide real-time data aggregation and workflow collaboration.

Swimlane
Solutions Overview

Swimlane’s SOAR platform focuses on the orchestration and automation of existing enterprise security controls and rote tasks. It can interact with hundreds of APIs from an enterprise’s existing technology stack; in fact, Swimlane even allows enterprises to reuse existing scripts. Among their numerous capabilities, Swimlane clients can develop playbooks that visually represent complicated security operations workflows using a drag-and-drop paradigm. Additionally, Swimlane enables analytics and automation to be incorporated into security operations. Swimlane’s SOAR solution works to provide cybersecurity consistency and more accuracy for enterprise IT security teams.

Swimlane received recognition as a finalist in the inaugural Black Unicorn Awards. The InfoSec Awards for 2019 specifically for its SOAR capabilities. In addition, Swimlane recently raised $23 million of Series B funding. In 2019, they integrated with Microsoft, and they continue to innovate their scalable solution to respond to alert fatigue and the cybersecurity staffing crisis. Their solution is described as easy to deploy and highly customizable.

ThreatConnect
Solutions Overview

ThreatConnect’s SOAR solution offers a unique product architecture bringing both threat intelligence platforms and security orchestration and automation to bear. In addition, ThreatConnect provides a large ecosystem of integrations. The application of this intelligence, drawn from both internal components and third parties, allows for the application of intelligence to enterprise security processes and workflows. In terms of SOAR, ThreatConnect continues to expand its threat intelligence to provide critical orchestration and automation capabilities. It also allows for in-depth documentation and for the quick identification of false-positives.

In 2019, ThreatConnect was named an Excellence Award finalist in Customer Service for the 2020 SC Awards; this indicates their level of IT service and support for enterprises. Additionally, it won an award from CyberSecurity Breakthrough for its SOAR solution, and was named to the Inc. 5000 for the second year. It offers highly customizable workflows and a strong threat intelligence platform as part of its SOAR offering.