SOAR solutions are gaining visibility and real-world use driven by early adoption to improve security operations centers. Security and risk management leaders should start to evaluate how these solutions can support and optimize their broader security operations capabilities.
The SOAR technology market aims to converge security orchestration and automation(SOA), security incident response (SIR) and threat intelligence platform (TIP) capabilities into single solutions.
EarlyadoptersofSOARtechnologieshavebeenorganizationsandmanagedsecurityservice providers with mature security operations centers (SOCs) that understood the benefits of incorporating SOAR capabilities into their operations. However, use cases implemented by early adopters have not evolved over the last 12 months and are stuck in a rut, limiting the long-term potential for SOAR in security operations.
SOAR solutions are not“plug-and-play.” Even though solutions have a library of out-of-the-box use cases and integrations, buyers are reporting multi week professional services engagements to implement their initial use cases, as every organization’s processes and technologies deployed are different.
Orchestrationandautomationarestartingtobelocalizedinpointsecuritytechnologies,usually in the form of predefined, automated workflows. This is not the same as a full-featured SOAR solution.