With security skills at an all-time low and demand for them steadily increasing, enterprises are increasingly bridging the gap with SOAR tools. However, the technology is still far from mature.
Security Orchestration, Automation and Response (SOAR) technology has become the focus of CISOs who want to automate cybersecurity processes. With the ability to merge threat and vulnerability management, security operations automation, and security incident response into a single offering, SOAR platforms will help security leads mitigate a lot of existing cybersecurity issues.
According to Gartner, the SOAR technology market is expected to grow from a 1% adoption rate in 2018 to 15% by 2020.
Experts believe that while cybersecurity tools have matured, responding to security issues has always taken time, mostly due to the skills shortage. Unsurprisingly, SOAR tools are increasingly becoming the answer to some of the most pressing security problems. The current generation of SOAR makes the platforms more accessible to security teams, including those in sectors that were late adopters of technology, like retail, government, and healthcare.
The scope of SOAR platforms has grown from providing proper handling of security to much deeper feature sets that can handle more extensive investigations and serious incidents. The sophistication of automation and orchestration features has also reached a level where they can be integrated into existing security frameworks.
Experts believe the need to deal with complex and multiple security incidents has necessitated a level of seamless coordination across technology, people and processes. The development of SOAR platforms has resulted in tools that can be leveraged to exchange detailed information, analyse data from threat intelligence sources, and empower analysts to take action directly from the SOAR interface. The two ways in which SOAR is most used are process automation and orchestration, as it can tie together different tools on the same network to mitigate a problem.
The ultimate validation of a technology is in the funding it receives, and SOAR has seen both funding and a series of acquisitions of SOAR vendors by tech giants. SOAR provider Swimlane raised $23 million in a Series B this month from Energy Impact Partners. This brings its total funding to $35 million. Swimlane has increased its revenue by 544% since 2017 and has doubled its staff size in a year.
Siemplify, an independent provider of SOAR, released a new version of its security operations platform and raised the bar for end-to-end security operations management. The new Version 5.0 has key features like advanced crisis management, advanced playbook building, real-time collaboration, and streamlined remote operations. A3Sec, a Madrid-based security provider for enterprises, deployed DFLabs’ IncMan SOAR platform to optimize its security operations centre (SOC). A3Sec closed two deals in May and has seen an increase of $100,000 in business this quarter.
While the technology is being adopted fast, experts warn that it can come with its own risks. Enterprises need to do due diligence on cybersecurity treatment and risk management and check whether the new element creates any new vulnerabilities. Also, SOAR platforms shouldn’t be viewed as a solution for all security issues. The technology is an ‘overlay’ for operational activities.
What is exciting is that SOAR is still a relatively new category. Experts believe that a lot of innovation has yet to come in SOAR platforms. Automation and orchestration have matured enough to become indispensable tools, and soon they will be complemented in other platforms by AI, ML, and other emerging technologies.