Solutions Review’s annual Vendors to Know in SOAR (Security Orchestration, Automation, and Response) Platforms provides the details on some of the most critical solution providers in the space.
The editors at Solutions Review continually research the most prominent and influential SOAR vendors to assist buyers in search of the tools befitting the needs of their organization. Choosing the right vendor and solution can be a complicated process; it requires constant market research and often comes down to more than just the solution and its technical capabilities. To make your search a little easier, we listed the vendors to know in SOAR platforms.
Note: All vendors are listed alphabetically.
Vendors to Know in SOAR Platforms, 2021
Cyberbit spun out of Elbit Systems in 2015 and offers its own SOAR solution called SOC 3D. SOC 3D focuses on orchestration, automation, and big data investigation, especially for enterprise security operations centers. It also provides a playbook builder for smoother playbook creation and editing, which facilitates incident response against a variety of cyber-attacks. Cyberbit also offers solutions such as Cyberbit Range for training and simulation, SCADAShield and SCADAShield Mobile for visibility and detection of threats, and Cyberbit EDR.
In addition to its other cybersecurity and identity solutions, IBM offers its IBM Resilient solution for SOAR. IBM Resilient provides workflow, case management, and orchestration and automation capabilities, alongside machine learning. IBM can deliver IBM Resilient as on-premises software or via a Security-as-a-Service (SaaS) model, and it also has an MSSP offering. IBM Resilient forms a part of IBM’s overall X-Force Threat Management Service solution, so it can leverage the IBM X-Force Exchange. IBM Resilient can accelerate cyber resilience and speed incident response efforts despite challenges like skill shortages.
Logsign offers a comprehensive, control-plane type of SOAR for enterprises, regardless of whether they have a SOC or not. It believes that cybersecurity automation is a need for all enterprises. Logsign focuses on smart and efficient orchestration, seamless automation, and investigation, especially for enterprises. It seeks to improve the maturity of SecOps and the automation of workflows with bots and playbooks, and it provides a visual codeless playbook editor. Additionally, it provides a playbook simulation tool and easy configuration. The ultimate goal is robust and clutter-free cybersecurity, reducing MTTD and MTTR and addressing the staffing challenges of SOCs.
Palo Alto Networks
Palo Alto Networks acquired Demisto in early 2019. Since then, it has incorporated the provider into the Cortex XSOAR solution. It continues to emphasize optimizing the efficiency of enterprise security operations by offering a single platform for SOC analysts. This platform allows IT teams to manage incidents, automate and standardize incident response processes, and collaborate on incident investigations. Cortex XSOAR uses its own machine learning capabilities to support functions including incident triage and actionable insight delivery to SOC analysts. For example, Cortex XSOAR Jobs Use Cases can run scheduled VPN checks, threat hunting exercises, and scans for vulnerable applications.
Rapid7 offers SOAR capabilities via its InsightConnect solution. InsightConnect helps enterprise security analysts optimize their security operations. It offers a library of several hundred plug-ins and a visual workflow builder that requires little to no code. In terms of automation capabilities, Rapid7’s vulnerability management solution (InsightVM) and its cloud SIEM solution with embedded UEBA (InsightIDR) allow customers to automate key security processes. Rapid7 acquired DivvyCloud in 2020.
Siemplify offers an easy-to-use user interface for enterprise SOC activities in its SOAR solution. The product provides context-driven investigation capabilities that visually correlate incidents. Siemplify can also group alerts to reduce analyst response time. The tool features case management and incident alert flows to SOC analysts, and it utilizes machine learning to prioritize and suggest incident response handling based on past experience. Siemplify’s dashboards and reporting are designed for tracking SOC metrics, crisis management, and analyst collaboration.
Splunk offers a security orchestration, automation, and response product called Splunk Phantom. The solution includes orchestration and automation capabilities alongside on-prem case management. Phantom also features centralized visualization through Phantom Mission Control, as well as recommendations through Mission Guidance. Splunk uses an events-per-day (EPD) model in which only events acted upon inside the tool are counted. Splunk supports hundreds of tools and thousands of unique APIs, and Phantom event and case management enables rapid triage of events in an automated, semi-automated, or manual fashion.
Swimlane’s SOAR platform focuses on the orchestration and automation of existing enterprise security controls and rote tasks. It can interact with hundreds of APIs from an organization’s existing technology stack. Swimlane even lets you reuse existing scripts, and customers can develop playbooks that visually represent complicated security operations workflows via drag-and-drop. The tool’s analytics and automation can be incorporated into security operations as well. The Swimlane SOAR platform helps IT security teams bring consistency and accuracy to the workflow.
ThreatConnect’s SOAR solution offers a unique product architecture that brings together threat intelligence and security orchestration. The provider offers an expansive ecosystem of integrations as well. ThreatConnect draws its intelligence from internal components and third parties, which is then fed to enterprise security processes and workflows. The company has enhanced its SOAR capabilities in recent months to include upgraded threat intelligence and automation. ThreatConnect also includes in-depth documentation for quickly identifying false positives.
Those were our picks for the Vendors to Know in SOAR Platforms, 2021.