Solutions Review’s listing of the SOAR (Security Orchestration, Automation, and Response) Providers: Best of 2021 is an annual mashup of products that best represent current market conditions, according to the crowd. Our editors selected the best SOAR products based on each solution’s Authority Score, a meta-analysis of real user sentiment through the web’s most trusted business software review sites, and our own proprietary five-point inclusion criteria.
The editors at Solutions Review continually research the most prominent and influential SOAR vendors to assist buyers in search of the tools befitting the needs of their organization. Choosing the right vendor and solution can be a complicated process; it requires constant market research and often comes down to more than just the solution and its technical capabilities. Yet it’s essential; SOAR is a critical capability, necessary for discovering threats in siloed databases and improving incident response times.
Solutions Review picked out the best SOAR Providers of 2021 and Beyond. Here they are, in alphabetical order.
SOAR Providers: Best of 2021 and Beyond
Cyberbit spun out of Elbit Systems in 2015 and offers its own SOAR solution called SOC 3D. SOC 3D focuses on orchestration, automation, and big data investigation, especially for enterprise security operations centers. It also provides a playbook builder for smoother playbook creation and editing, which facilitates incident response against a variety of cyber-attacks. Cyberbit also offers solutions such as Cyberbit Range for training and simulation.
IBM offers its IBM Resilient solution for SOAR. IBM Resilient focuses on workflow, case management, orchestration, and automation capabilities, alongside machine learning. IBM can deliver IBM Resilient as on-premises software or through a Security-as-a-Service (SaaS) model, and it also has an MSSP offering. It can also leverage the IBM X-Force Exchange.
Logsign offers a comprehensive, control-plane type of SOAR for enterprises, regardless of whether or not they have a SOC. It believes that cybersecurity automation is a need for all enterprises. Logsign focuses on smart and efficient orchestration, seamless automation, and investigation, especially for enterprises. It seeks to improve the maturity of SecOps and the automation of workflows with bots and playbooks, and it provides a visual codeless playbook editor.
Palo Alto Networks
Palo Alto Networks offers the Cortex XSOAR solution. It continues to emphasize optimizing the efficiency of enterprise security operations by offering a single platform for SOC analysts. This platform allows IT teams to manage incidents, automate and standardize incident response processes, and collaborate on incident investigations. Cortex XSOAR uses its own machine learning capabilities to support functions including incident triage and actionable insight delivery to SOC analysts.
Rapid7 offers SOAR capabilities via its InsightConnect solution. The InsightConnect solution helps enterprise security analysts optimize their security operations. It offers a library of several hundred plug-ins and a visual workflow builder that requires little to no code. In terms of automation capabilities, Rapid7’s vulnerability management (InsightVM) and cloud SIEM solutions with embedded UEBA solutions (InsightIDR) allow customers to automate key security processes.
Siemplify offers an easy-to-use user interface for enterprise SOC activities in its SOAR solution. The product provides context-driven investigation capabilities that visually correlate incidents. Siemplify can group alerts to reduce analyst response time as well. The tool features case management and incident alert flows to SOC analysts, and utilizes machine learning to prioritize and suggest incident response handling based on past experience.
Splunk offers a security orchestration, automation, and response product called Splunk Phantom. The solution includes orchestration and automation capabilities alongside on-prem case management. Phantom also features centralized visualization through Phantom Mission Control, as well as recommendations through Mission Guidance. Splunk Phantom’s event and case management enables rapid triage of events in an automated, semi-automated, or manual fashion.
Swimlane’s SOAR platform focuses on the orchestration and automation of existing enterprise security controls and rote tasks. It can interact with hundreds of APIs from an organization’s existing technology stack. Swimlane even lets you reuse existing scripts, and customers can develop playbooks that visually represent complicated security operations workflows via drag-and-drop. The tool’s analytics and automation can be incorporated into security operations as well.
ThreatConnect’s SOAR solution offers a unique product architecture that brings together threat intelligence and security orchestration. The provider offers an expansive ecosystem of integrations as well. ThreatConnect draws its intelligence from internal components and third parties, which is then fed to enterprise security processes and workflows. The company has enhanced its SOAR capabilities in recent months to include upgraded threat intelligence and automation.
For more on the SOAR Providers: Best of 2021 and Beyond, check out the Guide.