This new technique, first introduced in 2017, has various advantages. While different SOAR technologies have various characteristics, common benefits include enhanced productivity and visibility for security operations teams through integration and automation.
Efficiency in Operations
SOAR solutions enable teams to establish priorities and create workflows for security events that require minimal human intervention. When detection and remediation are automated, teams have more time to investigate the root cause of a problem and prevent it from recurring. Furthermore, in the event of a serious security problem, these technologies can immediately alert teams to allow for a speedy reaction.
Efficacy of Response
Simple issues can be discovered and resolved automatically with SOAR solutions. Once the data has been evaluated, investigation teams can offer it to incident response personnel before they are even aware of the event, significantly shortening the time from discovery to remediation.
SOAR reduces risk by streamlining the incident and vulnerability prioritisation process. One of the most significant procedures that SOAR can influence is vulnerability management. Simple concerns can be automatically resolved (or kept for later) while security teams investigate vulnerabilities affecting business-critical systems.
SOAR market updates
Despite the fact that SOAR technology has only been around for a few years, the market is predicted to exceed $2 billion by 2025, growing at a 16 per cent CAGR throughout that time, according to KBV Research.
Some of that growth came in the shape of new products from prominent security players. While a number of SIEM companies have grown organically, recent investments from tech titans such as Rapid7 and FireEye have given the sector credibility.
Acquisitions also added validity to the market. SOAR-related firms have been acquired by security vendors in recent years:
- Rapid7 has boosted its technology by acquiring three SOAR-related startups: NetFort, tCell, and Komand, in addition to introducing its SOAR platform InsightConnect in 2018.
- Splunk purchased VictorOps and Phantom in 2019 to expand Splunk Enterprise Security and automate security operations using Splunk Phantom Security Orchestration.
- In 2019, Palo Alto Networks acquired Demisto, a Leader in G2’s SOAR sector, and Fortinet purchased Cybersponse.
The list goes on and on. Acquisitions may get the most attention, but SOAR providers collaborating with tech, consulting, and financial firms drove significant market expansion. The majority of these have taken two forms: case studies of enterprise cloud services and agreements with managed service providers (MSP).
LogRhythm and Dell EMC formed a partnership in 2016 to combine solutions while bringing security automation and analytics to Dell EMC’s services. The next year, ThreatConnect began working with CenturyLink, Rapid7 with Microsoft, and Demisto with AWS, all of which brought security automation to their products and services.
Splunk began partnering with MSPs in 2016 while working with Accenture to automate security for Accenture’s application services. In 2017, LogRhythm followed suit, doing the same for Deloitte. Since then, several more consulting, insurance, and service providers have collaborated with SOAR solution vendors to increase the functionality of their products or to outsource parts of their services.
Google Cloud has purchased Israeli cybersecurity business Siemplify, a pioneer in enterprise security orchestration, automation, and response (SOAR) services. Siemplify will be incorporated into Google Cloud, specifically the Chronicle security analytics and threat intelligence platform, with the goal of improving security operations centres (SOCs) around the world. Siemplify had previously secured $58 million from sponsors such as 83North, Jump Capital, and G20 Ventures. The deal’s financial terms were not disclosed; however, some reports indicate it was worth $500 million.
Tips To Getting Ready For SOAR
- Check that your in-house abilities are compatible with the platform you select. “Each SOAR solution takes a slightly different approach,” explains Veronica Miller, a cybersecurity specialist at VPN overview. “Some are geared for highly competent analysts, while others are tailored for users of all skill levels.”
- Check that your tools have the API connectors you require. As previously said, while some SOAR platforms include pre-written connectivity for common tools, these aren’t widespread, and you’re likely to have some home-brewed tools you’ll want to incorporate as well. This is where API connectors come into play.
- Before automating your security events, map them out. Because automation is one of the major value propositions of SOAR systems, many organisations that install them rush into it. However, this can be a costly error. Use the opportunity provided by the SOAR transition to assess and rationalise your processes before creating playbooks based on them.
- If you’re just beginning, identify processes that are ideal candidates for automation and start with those. From there, you can decide how to proceed with the automation stage of your journey.
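To make the prioritisation described under Efficacy of Response and the advice above to map out events before automating them concrete, here is an added example (not code from the original article or from any SOAR vendor) of a minimal triage playbook: each mapped rule is written down explicitly, simple or known-benign alerts are closed or deferred, and high-severity alerts on business-critical assets page responders immediately. The asset inventory, the known-benign allowlist, the 0..10 severity scale and the sample alerts are all constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    AUTO_CLOSE = "auto_close"  # simple issue resolved with no analyst involved
    DEFER = "defer"            # kept for later review
    ESCALATE = "escalate"      # handed to incident responders

@dataclass(frozen=True)
class Alert:
    alert_id: str
    source: str     # tool that raised the alert
    severity: int   # 0 (info) .. 10 (critical); assumed CVSS-like scale
    asset: str      # host or service the alert concerns
    indicator: str  # rule name or indicator attached by the source tool

@dataclass(frozen=True)
class Decision:
    alert_id: str
    action: Action
    priority: int      # higher is handled first
    page_oncall: bool  # True means notify responders immediately
    reason: str        # why the rule fired, kept for the audit trail

# Constructed inventory and allowlist; a real deployment pulls these from its CMDB.
BUSINESS_CRITICAL = {"erp-db-01", "payments-api-02"}
KNOWN_BENIGN = {"internal-vuln-scan"}

def triage(alert: Alert) -> Decision:
    """Apply the mapped rules in order; the first rule that matches decides."""
    critical = alert.asset in BUSINESS_CRITICAL
    priority = alert.severity * (3 if critical else 1)
    if alert.indicator in KNOWN_BENIGN:  # checked first so scanner noise never pages anyone
        return Decision(alert.alert_id, Action.AUTO_CLOSE, 0, False, "indicator on known-benign allowlist")
    if critical and alert.severity >= 7:
        return Decision(alert.alert_id, Action.ESCALATE, priority, True, "high severity on business-critical asset")
    if alert.severity <= 3:
        return Decision(alert.alert_id, Action.DEFER, priority, False, "low severity; kept for later review")
    return Decision(alert.alert_id, Action.ESCALATE, priority, False, "needs analyst review")

def run_playbook(alerts):
    """Triage every alert and return the work queue, highest priority first."""
    return sorted((triage(a) for a in alerts), key=lambda d: d.priority, reverse=True)

# Constructed sample alerts from three different tools.
SAMPLE_ALERTS = [
    Alert("A1", "edr", 9, "payments-api-02", "credential-dumping"),
    Alert("A2", "ids", 5, "dev-box-17", "port-scan"),
    Alert("A3", "vuln-scanner", 2, "wiki-01", "weak-tls-cipher"),
    Alert("A4", "ids", 8, "erp-db-01", "internal-vuln-scan"),
]
```

Running `run_playbook(SAMPLE_ALERTS)` puts A1 first (priority 27, on-call paged), defers the low-severity scanner finding, and auto-closes A4 even though it looks severe, because the allowlist rule is evaluated before the severity rules.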
These security trends are expected to continue through 2021 and beyond.
This means increasing collaboration between security vendors and service providers to improve security automation for their businesses and consumers.
The greatest benefit for security personnel will be a simpler job: attaining automation and visibility, running security systems in tandem, and establishing response workflows. This enables security teams to identify and prioritise concerns based on their specific goals or requirements. Furthermore, they can spend less time on trivial difficulties and rate risks appropriately to maximise the impact of every second spent working.
This should have a significant influence on enterprise security teams. According to Gartner, nearly one-third of enterprise organisations will have five or more security professionals on staff by 2022, up from 5% today.
SOAR-powered security teams in the future will be better equipped than ever to analyse risks, uncover security flaws, and promptly address attacks.