Gartner: Market Guide for SOAR Solutions

Gartner recently published an updated Market Guide for Security Orchestration, Automation and Response Solutions. We believe this report delivers valuable insight into the current state of the SOAR market and its outlook, and once again outlines what Cortex XSOAR by Palo Alto Networks offers in alignment with Gartner’s vision.

Automation is a critical initiative for many security operations teams, who look to overcome resource constraints while keeping pace with evolving attackers and a growing volume of security alerts. SOAR plays a key role in addressing these challenges:

“The security technology market, in general, is in a state of overload, with pressure on budgets, staff shortages and too many point solutions. Customers often cite problems with an overload of events or alerts, complexity and duplication of tools. As a general practice, automation promises to solve many of these problems and, in cybersecurity, SOAR is the primary vehicle for this functionality.”

We understand from the report that “SOAR solutions are steadily gaining traction in real-world use to improve security operations.” While SOAR has many potential use cases – from cloud security orchestration, to vulnerability management, to non-security use cases – the most common starting point for SOAR adoption is incident response. Gartner states that “SOAR solutions are primarily adopted to improve the processes around detection and response by context enrichment and by improving downstream prioritization and efficiency.” SOAR achieves this by combining case management, orchestration and automation, and threat intelligence functionality, all of which feed into each other to provide a robust and integrated “control plane for the modern SOC environment.”

The screenshot shows how SOAR solutions converge three technologies: Security Incident Response Platforms (SIRP) (case/incident management, workflows, incident knowledgebase), Security Orchestration and Automation (SOA) (integrations, play/process/workflow automation, playbook management) and Threat Intelligence Platforms (TIPs) (TI Aggregation, curation, distribution, alert enrichment, TI visualization). Source: Gartner
SOAR combines three formerly separate technologies – SIRP, SOA and TIP

As Palo Alto Networks rapidly expands the already broad and robust capabilities of Cortex XSOAR, we continue to feel 100% in alignment with Gartner’s vision for SOAR. We integrated threat intelligence management earlier this year, and we continue to release new machine learning capabilities and third-party integrations to increase insight, automation and speed for incident responders. Per Gartner, “XSOAR’s focus has been to optimize the efficiency of security operations by offering a single platform for SOC analysts to manage incidents, automate and standardize incident response processes, as well as collaborate on incident investigations.”

SOAR has shown greater adoption among larger security operations centers and managed security providers who are at a level of maturity to be able to design automation. We aim to accelerate the time-to-value and accessibility of SOAR above and beyond the market trend, not only with our famously easy-to-use visual playbook editor, but also in a number of ways which we believe to be in alignment with Gartner’s analysis:

  • Through the Cortex XSOAR Marketplace, which offers a way for more security teams to accelerate their automation with pre-built, vendor-certified integration and automation playbooks that can be activated in a matter of clicks. 
  • Through rich cloud-delivered SOAR functionality to minimize resource requirements and support an increasingly remote workforce.
  • Through our extended detection and response (XDR) platform, which complements the extensibility of Cortex XSOAR in the incident response tech stack with pre-built investigation automation and enrichment functionality.

To read more, including key findings, recommendations, and investment considerations, download a complimentary copy of the Gartner Market Guide for Security Orchestration, Automation and Response Solutions today.

