SOAR solutions are gaining visibility and real-world use driven by early adoption to improve security operations centers. Security and risk management leaders should start to evaluate how these solutions can support and optimize their broader security operations capabilities.
Key Findings
The SOAR technology market aims to converge security orchestration and automation (SOA), security incident response (SIR) and threat intelligence platform (TIP) capabilities into single solutions.
Early adopters of SOAR technologies have been organizations and managed security service providers with mature security operations centers (SOCs) that understood the benefits of incorporating SOAR capabilities into their operations. However, use cases implemented by early adopters have not evolved over the last 12 months and are stuck in a rut, limiting the long-term potential for SOAR in security operations.
SOAR solutions are not “plug-and-play.” Even though solutions have a library of out-of-the-box use cases and integrations, buyers are reporting multiweek professional services engagements to implement their initial use cases, as every organization’s processes and technologies deployed are different.
Orchestration and automation are starting to be localized in point security technologies, usually in the form of predefined, automated workflows. This is not the same as a full-featured SOAR solution.
Reference document: Market Guide for Security Orchestration, Automation and Response Solutions - Gartner 2019
- [Repost] How SOAR Makes Threat Detection and Remediation More Effective
- [Repost] Key Takeaways from Gartner’s 2020 Market Guide for SOAR Solutions
- Research and Markets SOAR market research report (2019-2015)
- [Repost] Five benefits to implementing security automation using SOAR
- [Repost] Understanding the Fundamental Rights of the Data Subject and establishing your Data Privacy Program with SOAR