SOAR’s place in the fast-moving security arena has changed, and it is being swallowed up by advanced SIEMs. A new Gartner report sheds light on how the market has shifted and lays bare the paradox of smaller SOC teams, who need automated triage the most but aren’t able to maintain a SOAR.
Security Orchestration, Automation and Response (SOAR) solutions came on the market around six years ago. The two main objectives of these tools were to orchestrate 3rd party tools for filtering false positive alerts out of the network, and to automatically block attacks. SOAR came on the scene with bold statements to fill in some of the gaps that existed in Security Information and Event Management (SIEM) platforms, which have been making security analysts miserable for twenty years now.