Last week marked another major milestone for the security orchestration, automation and response (SOAR) market: Gartner issued its first-ever Market Guide for SOAR.
This extensive research provides an excellent analysis of the current and future state of the SOAR space, as well as practical recommendations on how security and risk professionals should approach SOAR.
Here are some of my key takeaways from the research:
1) SOAR is not slowing down
Gartner states: “By year-end 2022, 30% of organizations with a security team larger than five people will leverage SOAR tools in their security operations, up from less than 5% today.” This is a sixfold increase in SOAR adoption over the next few years, a strong testament to the value that SOAR solutions bring to organizations.
2) Vendor neutrality is a differentiator
The SOAR space has already seen a handful of acquisitions (which are listed in the report). However, it is important to keep in mind that by their innate integrative nature, SOAR platforms must play nicely, and fairly, with the entire security ecosystem. This requires both relentless focus and a truly vendor-agnostic philosophy. Gartner could not have said it better: “The reality will more likely be that for some time independent solutions will continue to do a better job with their singular focus on roadmap execution and better treatment of being vendor neutral’ with available integrations.”
3) Don’t overlook implementation
It’s still early days for SOAR, and the report correctly states that “[o]ut-of-the-box playbooks and integrations are a starting point but can rarely be implemented without some customizations.” SOAR platforms have a way to go before they can be “tossed over the fence” for end users to figure out. When selecting a SOAR partner, make sure to evaluate the vendor’s onboarding and customer success methodology and team. It can truly make a difference between a SOAR project that is wildly successful and one that fails to deliver on expectations.
4) Pricing models matter
SOAR platforms differ in their pricing models. Common ones are based on number of analysts, events or playbooks/automations. Buyers should be wary of pricing models that are unpredictable and can easily balloon over time, or as Gartner states in the report: “Avoid pricing structures based on the volume of data managed by the tool or based on the number of playbooks run per month, as these metrics carry an automatic penalty for more frequent use of the solution.”
You can read the report in its entirety by downloading your complimentary copy.
Nimmy Reichenberg is CMO at Siemplify.