Solutions Review’s Vendors to Know in SOAR Platforms, 2021

Solutions Review’s annual Vendors to Know in SOAR (Security Orchestration, Automation, and Response) Platforms provides the details on some of the most critical solution providers in the space.

The editors at Solutions Review continually research the most prominent and influential SOAR vendors to assist buyers in search of the tools befitting the needs of their organization. Choosing the right vendor and solution can be a complicated process; it requires constant market research and often comes down to more than just the solution and its technical capabilities. To make your search a little easier, we listed the vendors to know in SOAR platforms. 

Note: All vendors are listed alphabetically. 

Vendors to Know in SOAR Platforms, 2021

Cyberbit

Cyberbit spun out of Elbit Systems in 2015 and offers its own SOAR solution called SOC 3D. SOC 3D focuses on orchestration, automation, and big data investigation, especially for enterprise security operations centers. It also provides a playbook builder for smoother playbook creation and editing, which facilitates incident response against a variety of cyber-attacks. Cyberbit also offers solutions such as Cyberbit Range for training and simulation, SCADAShield and SCADAShield Mobile for visibility and detection of threats, and Cyberbit EDR.

Learn more and compare products with the Solutions Review Buyer’s Guide for SOAR 

IBM

In addition to its other cybersecurity and identity solutions, IBM offers its IBM Resilient solution for SOAR. IBM Resilient provides workflow, case management, orchestration, and automation capabilities, alongside machine learning. IBM can deliver IBM Resilient as on-premises software or through a Security-as-a-Service (SaaS) model, and it also has an MSSP offering. IBM Resilient forms a part of IBM’s overall X-Force Threat Management Service solution and can therefore leverage the IBM X-Force Exchange. IBM Resilient can accelerate cyber resilience and speed incident response efforts despite challenges like skill shortages.

Logsign

Logsign offers a comprehensive, control-plane type of SOAR for enterprises, regardless of whether they have a SOC or not. It believes that cybersecurity automation is a need for all enterprises. Logsign focuses on smart and efficient orchestration, seamless automation, and investigation, especially for enterprises. It seeks to improve the maturity of SecOps and the automation of workflows with bots and playbooks, and it provides a visual codeless playbook editor. Additionally, it provides a playbook simulation tool and easy configuration. The ultimate goal is robust and clutter-free cybersecurity, reducing MTTD and MTTR and solving the HR issues of SOCs.

Palo Alto Networks

Palo Alto Networks acquired Demisto in early 2019. Since then, it has incorporated the provider into the Cortex XSOAR solution. It continues to emphasize optimizing the efficiency of enterprise security operations by offering a single platform for SOC analysts. This platform allows IT teams to manage incidents, automate and standardize incident response processes, and collaborate on incident investigations. Cortex XSOAR uses its own machine learning capabilities to support functions including incident triage and actionable insight delivery to SOC analysts. For example, Cortex XSOAR Jobs Use Cases can run scheduled VPN checks, threat hunting exercises, and scans for vulnerable applications.

Rapid7

Rapid7 offers SOAR capabilities via its InsightConnect solution. The InsightConnect solution helps enterprise security analysts optimize their security operations. It offers a library of several hundred plug-ins and a visual workflow builder that requires little to no code. In terms of automation capabilities, Rapid7’s vulnerability management (InsightVM) and cloud SIEM solutions with embedded UEBA solutions (InsightIDR) allow customers to automate key security processes. Rapid7 acquired DivvyCloud in 2020.

Siemplify

Siemplify offers an easy-to-use user interface for enterprise SOC activities in its SOAR solution. The product provides context-driven investigation capabilities that visually correlate incidents. Siemplify can group alerts to reduce analyst response time as well. The tool features case management and incident alert flows to SOC analysts, and utilizes machine learning to prioritize and suggest incident response handling based on past experience. Siemplify’s dashboards and reporting are designed for tracking and SOC metrics like crisis management and analyst collaboration.

Splunk

Splunk offers a security orchestration, automation, and response product called Splunk Phantom. The solution includes orchestration and automation capabilities alongside on-prem case management. Phantom also features centralized visualization through Phantom Mission Control, as well as recommendations through Mission Guidance. Splunk uses an events-per-day (EPD) model that defines events as those that are acted upon inside the tool. Splunk supports hundreds of tools and thousands of unique APIs, and Phantom event and case management enables rapid triage of events in an automated, semi-automated, or manual fashion.

Swimlane

Swimlane’s SOAR platform focuses on the orchestration and automation of existing enterprise security controls and rote tasks. It can interact with hundreds of APIs from an organization’s existing technology stack. Swimlane even lets you reuse existing scripts, and customers can develop playbooks that visually represent complicated security operations workflows via drag-and-drop. The tool’s analytics and automation can be incorporated into security operations as well. The Swimlane SOAR platform helps IT security teams provide consistency and accuracy to the workflow.

ThreatConnect

ThreatConnect’s SOAR solution offers a unique product architecture that brings together threat intelligence and security orchestration. The provider offers an expansive ecosystem of integrations as well. ThreatConnect draws its intelligence from internal components and third parties, and feeds it to enterprise security processes and workflows. The company has enhanced its SOAR capabilities in recent months to include upgraded threat intelligence and automation. ThreatConnect also includes in-depth documentation for quickly identifying false positives.

Those were our picks for the Vendors to Know in SOAR Platforms, 2021.

Ben Canner