{"id":119373,"date":"2020-10-09T15:00:04","date_gmt":"2020-10-09T22:00:04","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=119373"},"modified":"2020-10-09T12:57:34","modified_gmt":"2020-10-09T19:57:34","slug":"secops-gartner-soar-solutions","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/10\/secops-gartner-soar-solutions\/","title":{"rendered":"Gartner: Market Guide for SOAR Solutions"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Gartner recently published an updated Market Guide for Security Orchestration, Automation and Response Solutions. We believe this report delivers valuable insight on the current state of and forward outlook for the SOAR market, and once again outlines what Cortex XSOAR by Palo Alto Networks offers in alignment with their vision.\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/02\/cortex-xsoar\/\"><span style=\"font-weight: 400;\">Automation<\/span><\/a><span style=\"font-weight: 400;\"> is a critical initiative for many security operations teams, who look to overcome resource constraints while keeping pace with evolving attackers and a growing volume of security alerts. SOAR plays a key role in addressing these challenges:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cThe security technology market, in general, is in a state of overload, with pressure on budgets, staff shortages and too many point solutions. Customers often cite problems with an overload of events or alerts, complexity and duplication of tools. 
As a general practice, automation promises to solve many of these problems and, in cybersecurity, SOAR is the primary vehicle for this functionality.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We understand from the report that <\/span><span style=\"font-weight: 400;\">\u201cSOAR solutions are steadily gaining traction in real-world use to improve security operations.\u201d <\/span><span style=\"font-weight: 400;\">While SOAR has many potential <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/security-operations\/category\/use-cases\/\"><span style=\"font-weight: 400;\">use cases<\/span><\/a><span style=\"font-weight: 400;\"> \u2013 from cloud security orchestration, to vulnerability management, to non-security use cases \u2013 the most common starting point for SOAR adoption is incident response. Gartner states that <\/span><span style=\"font-weight: 400;\">\u201cSOAR solutions are primarily adopted to improve the processes around detection and response by context enrichment and by improving downstream prioritization and efficiency.\u201d<\/span> <span style=\"font-weight: 400;\">SOAR achieves this by combining case management, orchestration and automation, and threat intelligence functionality, all of which feed into each other to provide a robust and integrated \u201ccontrol plane for the modern SOC environment.\u201d\u00a0<\/span><\/p>\n<figure id=\"attachment_119400\" aria-describedby=\"caption-attachment-119400\" style=\"width: 500px\" class=\"wp-caption alignright\"><div style=\"max-width:100%\" data-width=\"500\"><span class=\"ar-custom\" style=\"padding-bottom:70.2%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-119400 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/10\/SOAR-convergence.png\" alt=\"The screenshot shows how SOAR solutions converge three technologies: Security Incident Response Platforms (SIRP) (case\/incident management, workflows, incident knowledgebase), 
Security Orchestration and Automation (SOA) (integrations, play\/process\/workflow automation, playbook management) and Threat Intelligence Platforms (TIPs) (TI Aggregation, curation, distribution, alert enrichment, TI visualization). Source: Gartner\" width=\"500\" height=\"351\" \/><\/span><\/div><figcaption id=\"caption-attachment-119400\" class=\"wp-caption-text\">SOAR combines three formerly separate technologies \u2013 SIRP, SOA and TIP<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">As Palo Alto Networks rapidly expands the already broad and robust capabilities of Cortex XSOAR, we continue to feel 100% in alignment with Gartner\u2019s vision for SOAR. We integrated threat intelligence management earlier this year, and we continue to release new machine learning capabilities and third-party integrations to increase insight, automation and speed for incident responders. Per Gartner, \u201cXSOAR\u2019s focus has been to optimize the efficiency of security operations by offering a single platform for SOC analysts to manage incidents, automate and standardize incident response processes, as well as collaborate on incident investigations.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">SOAR has shown greater adoption among larger security operations centers and managed security providers who are at a level of maturity to be able to design automation. 
We aim to accelerate the time-to-value and accessibility of SOAR above and beyond the market trend, not only with our famously easy-to-use visual <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/tag\/playbooks\/\"><span style=\"font-weight: 400;\">playbook<\/span><\/a><span style=\"font-weight: 400;\"> editor, but also in a number of ways which we believe to be in alignment with Gartner\u2019s analysis:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Through the <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/08\/cortex-xsoar-marketplace\/\"><b>Cortex XSOAR Marketplace<\/b><\/a><span style=\"font-weight: 400;\">, which offers a way for more security teams to accelerate their automation with pre-built, vendor-certified integration and automation playbooks that can be activated in a matter of clicks.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Through rich <\/span><b>cloud-delivered SOAR functionality<\/b><span style=\"font-weight: 400;\"> to minimize resource requirements and support an increasingly remote workforce.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Through our <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/09\/cortex-xdr-2-5\/\"><b>extended detection and response (XDR)<\/b><\/a> <span style=\"font-weight: 400;\">platform, which complements the extensibility of Cortex XSOAR in the incident response tech stack with pre-built investigation automation and enrichment functionality.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">To read more, including key findings, recommendations, and investment considerations, download a complimentary copy of the <\/span><a href=\"https:\/\/start.paloaltonetworks.com\/2020-gartner-mg-for-soar.html\"><span style=\"font-weight: 400;\">Gartner Market Guide for Security Orchestration, Automation and Response Solutions<\/span><\/a><span 
style=\"font-weight: 400;\"> today.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We believe the Gartner Market Guide for SOAR Solutions delivers valuable insight on the current state of and forward outlook for the SOAR market.<\/p>\n","protected":false},"author":657,"featured_media":119374,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6765,6770],"tags":[7317,117,7316,7241],"coauthors":[6810],"class_list":["post-119373","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-enterprise","category-secure-the-future","tag-automation-and-response-solutions","tag-gartner","tag-market-guide-for-security-orchestration","tag-soar-2","sec_ops_category-must-read-articles","sec_ops_category-news-and-events"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/10\/Monitor-blog.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/119373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/657"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=119373"}],"version-history":[{"count":2,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/119373\/revisions"}],"predecessor-version":[{"id":119414,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/119373\/revisions\/119414"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/1193
74"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=119373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=119373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=119373"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=119373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}