Bridging the security gap with SOAR

Published: 11 April 2019

Cyber security threats are evolving, and organizations face major security challenges: alert overload, a growing number of disparate security tools, and difficulty reporting on their operational performance. Managing all of this has proved costly, time-consuming and complex. In the late 90s, Security Information and Event Management (SIEM, also called SIM) emerged to address these problems; at that time there were fewer endpoints, a less distributed workforce and minimal cloud adoption.

As organizations moved into the digital era, they were pressed by the need for better threat detection and faster response times. Security Orchestration, Automation and Response (SOAR), a term coined by the research firm Gartner, is now helping organizations outgrow these limitations.

According to Gartner, “By 2021, 70% of enterprise organizations with a dedicated Security Operations Center (SOC) will include SOAR capabilities, either through their SIEM solution or a dedicated platform, up from less than 5% in 2018.”

SOAR technologies allow organizations to collect threat data and alerts from multiple sources, apply machine-led analysis to them, and respond automatically to low-level security threats. SOAR can be deployed both on-premises and in a cloud environment. SOAR vendors include Swimlane, FireEye Security Orchestrator, Uplevel Security, RSA Security Analytics, StegoSOC, CyberSponse and Forescout. To compete, vendors such as Fortinet, Splunk and LogRhythm are enhancing their products with SOAR features to catch up with market requirements.
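To make the "collect from multiple sources, analyse, respond to low-level threats" flow concrete, here is a toy SOAR-style playbook runner. It is an added example written for this article, not code from any of the vendors named above. The two alert feeds (a SIEM-style JSON list and an EDR-style CSV), the threat-intel IP set and the severity labels are all constructed for illustration; a real platform would pull these from its integrations. The playbook normalizes both feeds into one alert shape, collapses repeated alerts to tame alert overload, enriches each alert against the threat-intel set, then auto-resolves low-severity alerts and escalates everything else to an analyst queue, finishing with the disposition counts a SOC would report as operational metrics.

```python
"""Toy SOAR playbook runner (added example; not vendor code).

Pipeline: ingest -> normalize -> deduplicate -> enrich -> decide -> report.
All inputs below are constructed sample data, not real alerts.
"""
import csv
import io
import json
from collections import Counter
from dataclasses import dataclass, field

# Constructed SIEM-style feed (JSON). Two repeats of the same rule on one host
# model alert overload; the third hits an IP that threat intel flags as bad.
SIEM_FEED = json.dumps([
    {"id": "s1", "sev": "low", "src_ip": "10.0.0.5", "rule": "Failed logon burst"},
    {"id": "s2", "sev": "low", "src_ip": "10.0.0.5", "rule": "Failed logon burst"},
    {"id": "s3", "sev": "low", "src_ip": "203.0.113.7", "rule": "Outbound to rare domain"},
])

# Constructed EDR-style feed (CSV) with a different schema.
EDR_FEED = (
    "alert_id,severity,host,detection\n"
    "e1,medium,ws-17,Suspicious encoded command line\n"
    "e2,low,ws-02,Unsigned driver load blocked\n"
)

# Constructed threat-intel indicator set (a real playbook would query a TI platform).
TI_BAD_IPS = {"203.0.113.7"}


@dataclass
class Alert:
    source: str                      # which tool raised it
    ext_id: str                      # the tool's own alert id
    severity: str                    # normalized to low / medium / high
    subject: str                     # host or IP the alert is about
    title: str
    tags: list = field(default_factory=list)


def normalize_siem(raw: str) -> list:
    """Map the SIEM feed's field names onto the common Alert shape."""
    return [Alert("siem", a["id"], a["sev"], a["src_ip"], a["rule"])
            for a in json.loads(raw)]


def normalize_edr(raw: str) -> list:
    """Map the EDR feed's CSV columns onto the common Alert shape."""
    return [Alert("edr", r["alert_id"], r["severity"], r["host"], r["detection"])
            for r in csv.DictReader(io.StringIO(raw))]


def dedupe(alerts: list) -> list:
    """Keep one alert per (subject, title); record how many it stood for."""
    counts = Counter((a.subject, a.title) for a in alerts)
    seen, kept = set(), []
    for a in alerts:
        key = (a.subject, a.title)
        if key in seen:
            continue
        seen.add(key)
        if counts[key] > 1:
            a.tags.append(f"repeated x{counts[key]}")
        kept.append(a)
    return kept


def enrich(alert: Alert) -> Alert:
    """Machine-led analysis step: a TI hit raises severity before any decision."""
    if alert.subject in TI_BAD_IPS:
        alert.tags.append("ti:known-bad")
        alert.severity = "high"
    return alert


def decide(alert: Alert) -> str:
    """Playbook decision: only un-flagged low-severity alerts are auto-resolved."""
    if alert.severity == "low" and "ti:known-bad" not in alert.tags:
        return "auto_resolve"
    return "escalate"


def run_playbook(siem_raw: str = SIEM_FEED, edr_raw: str = EDR_FEED) -> dict:
    """Run the full pipeline and return alerts grouped by disposition."""
    alerts = dedupe(normalize_siem(siem_raw) + normalize_edr(edr_raw))
    queues = {"auto_resolve": [], "escalate": []}
    for alert in alerts:
        queues[decide(enrich(alert))].append(alert)
    return queues


def metrics(queues: dict) -> dict:
    """Operational-performance summary: how much was handled without an analyst."""
    handled = len(queues["auto_resolve"])
    escalated = len(queues["escalate"])
    return {"total": handled + escalated, "auto_resolved": handled,
            "escalated": escalated}


if __name__ == "__main__":
    result = run_playbook()
    for disposition, alerts in result.items():
        for a in alerts:
            print(f"{disposition:13} {a.source}:{a.ext_id} [{a.severity}] {a.title} {a.tags}")
    print(metrics(result))
```

The ordering of the steps is the point worth noticing: enrichment runs before the auto-resolve decision, so a low-severity alert that touches a known-bad indicator is promoted and escalated rather than closed by automation. Swapping the two steps would be a quiet way for a SOAR deployment to suppress the alerts it most needs a human to see.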