Gartner Releases 2019 Market Guide for SOAR Solutions

The last few years have seen a surge of interest in security orchestration and automation (SOA) and how security operations teams can benefit from its adoption. The security orchestration, automation and response (SOAR) market, as defined by Gartner in 2017, evolved from three previously distinct technologies: SOA, security incident response platforms (SIRPs) and threat intelligence platforms (TIPs).


This convergence of three complementary technology areas has magnified the importance of SOAR tools and their increased adoption by security operations teams. In its new market guide, Gartner predicted that, “By year-end 2022, 30 percent of organizations with a security team larger than five people will leverage SOAR tools in their security operations, up from less than 5 percent today.”


A key reason for this growing demand is the pressure on security operations teams to meet an increasing volume of attacks, which are becoming more complex and severe. Gartner points out in the market guide, “As organizations consider threats that destroy data and can result in disclosure of intellectual property and monetary extortion, they require rapid, consistent, continuous and more frequent responses with fewer manual steps.”


Why Are Organizations Adopting Security Orchestration, Automation and Response (SOAR)?


Security teams are adopting SOAR tools to meet key use cases that can deliver short-term benefits. Gartner identified three key areas of security operations decision-making where SOAR tools can add value:


Prioritizing security operations activities
Formalizing triage and incident response
Automating response

All of these areas can reduce the human power needed to operationalize the response process. As noted in the report, “Speed is of the essence in today’s threat landscape,” and organizations that can react quickly in a consistent manner will be best equipped to gartner releases market guide solutions