KuppingerCole Report
Buyer's Compass
By John Tolbert

Security Orchestration, Automation and Response (SOAR)

Security Orchestration, Automation & Response (SOAR) refers to comprehensive solutions with capabilities that support a range of security tools and data sources. This KuppingerCole Buyer’s Compass will provide you with questions to ask vendors, criteria to select your vendor, and requirements for successful deployments. This document will help prepare your organization to conduct RFIs and RFPs for SOAR solutions.

1 How to Use the Buyer’s Compass

This KuppingerCole Buyer’s Compass on SOAR solutions provides information about

  • Use Cases
  • Functional Selection Criteria
  • Non-functional Selection Criteria
  • Technical Prerequisites
  • Organizational Prerequisites
  • Questions to ask the vendors

Focusing on the most important aspects of products and services offered compared to use cases helps during vendor selection, based on the experience of KuppingerCole from its research and advisory services.

This document is not a complete guideline for selecting vendors but should provide an excellent starting point to streamline the decision-making process.

How to use it:

  • Identify your primary use cases
  • Review the functional selection criteria – their weight might be based on the matrix of these use cases and the functional selection criteria
  • Review the non-functional selection criteria
  • Request information and rate the vendors on these criteria
  • Ask additional questions of the vendors, as defined
  • Define a shortlist of vendors based on the results and continue with the vendor selection process, with more detailed RFIs and PoCs
  • Ensure that the technical and organizational prerequisites are in place

There are related documents available from KuppingerCole. KuppingerCole Advisory Services can provide further support in the vendor selection processes.

2 Market Segments Defined

As the number and sophistication of cyberattacks have continued to increase over the years, some vendors realized that the traditional approaches and ...

Most vendor solutions have both product and service aspects. Components can be deployed on-premises, although some vendors have forward-looking servic ...

Login Get full Access

3 Top 5 Use Cases

Use Case Description
Investigations Security analysts are tasked with examining potential security events and incidents, determini ...
Login Get full Access

4 Top 10 Selection Criteria - Functional

IT leaders must perform a detailed evaluation and assessment of SOAR solution providers. The functional selection criteria presented in the table belo ...

Login Get full Access

5 Top 10 Selection Criteria – Non-functional

Aside from the functional selection criteria listed above, there are a number of non-functional criteria to take into account when deciding on an appr ...

Login Get full Access

6 Use Cases / Selection Criteria Matrix

Having identified the essential use cases and selection criteria for SOAR vendors, this section provides a matrix that maps use cases and functional s ...

Table 4: Mapping of Top 10 Functional Criteria to Top 5 SOAR Use Cases

These criteria need to be adapted to your business and operational requiremen ...

Login Get full Access

7 Top 5 Prerequisites - Technical

Even if you transition from an on-premises SOAR deployment to a cloud-based approach, you will still need to carefully assess the gap between the tech ...

Login Get full Access

8 Top 10 Prerequisites - Organizational

A successful SOAR vendor selection depends on more than the technology itself, and organizational factors should not be neglected. The following are t ...

Login Get full Access

9 Top 10 Questions to ask the Vendors

Aside from asking for specific features, there are some other questions that are worth asking vendors. The following questions help in understanding t ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.