SOAR Research Report: Gartner's Guide to SOAR Solutions (2019)

xiaobing · March 13, 2020 · 919 views

SOAR solutions are gaining visibility and real-world use driven by early adoption to improve security operations centers. Security and risk management leaders should start to evaluate how these solutions can support and optimize their broader security operations capabilities.

Key Findings

  • The SOAR technology market aims to converge security orchestration and automation (SOA), security incident response (SIR) and threat intelligence platform (TIP) capabilities into single solutions.

  • Early adopters of SOAR technologies have been organizations and managed security service providers with mature security operations centers (SOCs) that understood the benefits of incorporating SOAR capabilities into their operations. However, use cases implemented by early adopters have not evolved over the last 12 months and are stuck in a rut, limiting the long-term potential for SOAR in security operations.

  • SOAR solutions are not “plug-and-play.” Even though solutions have a library of out-of-the-box use cases and integrations, buyers are reporting multiweek professional services engagements to implement their initial use cases, as every organization’s processes and technologies deployed are different.

  • Orchestration and automation are starting to be localized in point security technologies, usually in the form of predefined, automated workflows. This is not the same as a full-featured SOAR solution.

Reference: Market Guide for Security Orchestration, Automation and Response Solutions - Gartner 2019
