Evaluating SOAR Solutions?

POSTED BY LIZ BUSH

Download this New Gartner Report

Over the last 18 months there’s been increasing discussion within the security community about security orchestration, automation and response, or SOAR. It’s a term coined by Gartner, so I can’t think of anyone better to shed light on the state of the market. That’s why I encourage you to download your complimentary copy of their 2019 Market Guide for Security Orchestration, Automation and Response Solutions.

In the report, Gartner projects “by the end of 2022, 30% of organizations with a security team larger than five people will leverage SOAR tools in their security operations, up from less than 5% today.” So, what’s driving the surge in interest? What should organizations consider as they evaluate vendors? And how can you maximize the value from your investments? You’ll find answers to these questions as well as a list of representative SOAR vendors, including ThreatQuotient.

Gartner explains that SOAR is grounded in the convergence of three technology solutions: security orchestration and automation, threat intelligence platforms and security incident response platforms. We believe the vendors listed in the report approach SOAR differently.

ThreatQuotient approaches SOAR platforms by starting with the threat because we believe you cannot defend against what you do not understand. We have deep roots in threat intelligence management with our ThreatQ threat intelligence platform, but we also encompass automation, orchestration and incident response capabilities within our solutions.

Here’s how:

As part of our core capabilities within ThreatQ, we have embedded automation early in the security lifecycle process, aggregating data in the ThreatQ Threat Library and enriching it with context. An automated scoring framework filters out noise and prioritizes the intelligence based on parameters you set. With this legwork done, ThreatQ applies only the relevant, high-priority threat intelligence automatically across your existing security infrastructure: to your SIEM, to layers of defense (firewalls, IPS/IDS, routers, web and email security, endpoint detection and response, etc.) or to incident response playbooks. This accelerates detection and orchestrates response against the threats that matter most to your organization. To ensure you remain focused on high-priority threats and to reduce false positives, the self-tuning Threat Library automatically recalculates and reevaluates priorities based on a continuous flow of new data and learnings.

To support incident response teams, ThreatQ Investigations provides a shared investigation environment that can include incident handlers, malware researchers, SOC analysts and investigation leads. Incident responders can quickly assess what other research has been performed and by whom, what tasks need to be assigned, and how all the data relates. They gain more control over an often chaotic process, and are able to make better decisions and coordinate response to take the right steps at the right time.

If you’re considering a SOAR platform, evaluate your options based on use cases and the gaps you need to fill within your threat investigation capabilities. Third-party research can help you determine the right path for you.

Download Gartner’s new report, Market Guide for Security Orchestration, Automation and Response Solutions, for a deeper understanding of how SOAR platforms are distinct in the marketplace, the drivers for adoption and how they can support and optimize broad security operations capabilities.


Gartner, Market Guide for Security Orchestration, Automation and Response Solutions, 27 June 2019, Claudio Neiva, Craig Lawson, Toby Bussa, Gorka Sadowski

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
