KuppingerCole Report
Leadership Compass
By John Tolbert

Security Orchestration Automation and Response (SOAR)

This report provides an overview of the SOAR market and provides you with a compass to help you to find the solution that best meets your needs. We examine the SOAR market segment, product/service functionality, relative market share, and innovative approaches to providing SOAR solutions.

1 Introduction

As the number and sophistication of cyberattacks have continued to increase over the years, some vendors realized that the traditional approaches and ...

Login Get full Access

1.1 Market Segment

The SOAR market, while still far from reaching full maturity, already has a reasonably well-established terminology and core set of capabilities. The ...

Login Get full Access

1.2 Delivery models

SOAR solutions often require complex deployment models. In most cases, on-premise components must be implemented, including software agents for upstre ...

Login Get full Access

1.3 Required capabilities

Broadly speaking, there are three major concentrations of technical capabilities within SOAR solutions.

Security data collection, correlation and en ...

Login Get full Access

2 Leadership

Selecting a vendor of a product or service must not only be based on the information provided in a KuppingerCole Leadership Compass. The Leadership Co ...

Palo Alto Networks, IBM, D3 Security, Exabeam, and ServiceNow are the overall leaders in this edition of the Leadership Compass on SOAR. Each of their ...

Product Leadership is where we examine the functional strength and completeness of services.

Palo Alto is at the top of the Product Leadership cha ...

Login Get full Access

Next, we examine innovation in the marketplace. Innovation is, from our perspective, a key capability in all IT market segments. Customers require i ...

The Innovation Leaders are Palo Alto, D3 Security, Siemplify, IBM, DF Labs, Exabeam, and ServiceNow. All are SOAR specialists (or were if you consider ...

Login Get full Access

Lastly, we analyze Market Leadership. This is an amalgamation of the number of customers, number of transactions evaluated, ratio between customers ...

IBM and ServiceNow are the Market Leaders. Both have not only good SOAR products that many customers are using, but they also have financial strength, ...

Login Get full Access

3 Correlated View

While the Leadership charts identify leading vendors in certain categories, many customers are looking not only for a product leader, but for a vendor ...

Login Get full Access

3.1 The Market/Product Matrix

The first of these correlated views contrasts Product Leadership and Market Leadership

Vendors below the line have a weaker market position than expected according to their product maturity. Vendors above the line are sort of “overperf ...

Login Get full Access

3.2 The Product/Innovation Matrix

This view shows how Product Leadership and Innovation Leadership are correlated. It is not surprising that there is a pretty good correlation between ...

Vendors below the line are more innovative; vendors above the line are, compared to the current Product Leadership positioning, less innovative.

The ...

Login Get full Access

3.3 The Innovation/Market Matrix

The third matrix shows how Innovation Leadership and Market Leadership are related. Some vendors might perform well in the market without being Innova ...

This chart shows how innovation is received in the marketplace.

IBM and ServiceNow are the Big Ones in SOAR. They have the intersection of sizable m ...

Login Get full Access

4 Products and Vendors at a glance

This section provides an overview of the various products we have analyzed within this KuppingerCole Leadership Compass on SOAR. This overview goes in ...

Login Get full Access

4.1 Ratings at a glance

Based on our evaluation, a comparative overview of the ratings of all the products covered in this document is shown in Table 1.

Login Get full Access

In addition, we provide in Table 2 an overview which also contains four additional ratings for the vendor, going beyond the product view provided in t ...

Login Get full Access

In Innovativeness, this rating would be applied if vendors provide none or very few of the more advanced features we look for, such as support for MFA ...

Login Get full Access

5 Product/service evaluation

This section contains a quick rating for every product/service we’ve included in this KuppingerCole Leadership Compass document. For many of the pro ...

Login Get full Access

5.1 D3 Security

D3 Security was founded in 2003 in Vancouver. The company is privately held. D3’s focus is on “intent-based SOAR”, which uses attacker technique ...

Login Get full Access

5.2 DFLabs

DFLabs was founded in Milan in 2004. They are a privately funded SOAR specialist now. They do not operate their software as a service, but they licens ...

Login Get full Access

5.3 Exabeam

Exabeam was founded in 2013 in Silicon Valley. They are a late-stage, well-funded but still private security analytics company. Exabeam offers a fully ...

Login Get full Access

5.4 IBM

IBM covers the SOAR technology area with the conjunction of three products listed above. IBM has a full security and identity management solutions, of ...

Login Get full Access

5.5 ManageEngine

ManageEngine is a division of privately held ZOHO and was founded in 1996. ManageEngine also has products for IT Help Desk management, patch and vulne ...

Login Get full Access

5.6 Micro Focus

Micro Focus is an IT software vendor with products covering many aspects of security, including a leading SIEM product that it acquired in 2010, ArcSi ...

Login Get full Access

5.7 Palo Alto Networks

Palo Alto Networks, founded in 2005 in Santa Clara, CA, was the pioneer in Next Generation Firewall (NGFW) technology, and is also a major player in t ...

Login Get full Access

5.8 ServiceNow

ServiceNow, founded in 2004 in San Diego, is a large IT management, operations, and business management software vendor. They also have products in th ...

Login Get full Access

5.9 Siemplify

Siemplify is a mid-stage startup concentrating on SOAR. They were founded in 2015 and are headquartered in New York. Deployments have on-premise compo ...

Login Get full Access

5.10 SIRP

SIRP is an early stage startup founded in 2017 and based in London. Their sole product is SOAR which is focused on risk-based security operations. The ...

Login Get full Access

5.11 ThreatConnect

ThreatConnect is a mid-stage equity-backed security firm headquartered in Arlington, VA. They were founded in 2011. Their solution encompasses threat ...

Login Get full Access

6 Vendors and Market Segments to watch

Aside from the vendors covered in detail in this Leadership Compass document, we also observe other vendors in the market that we find interesting. So ...

Login Get full Access

6.1 LogRhythm

LogRhythm was founded in Denver in 2003 and was acquired by Thoma Bravo in 2018. As the name implies, they started with log management and SIEM. Today ...

Login Get full Access

6.2 Rapid7

Boston-based Rapid7 was established in 2000. They have a suite of interrelated security products covering UBA, SIEM, patch and vulnerability managemen ...

Login Get full Access

6.3 Securonix

Securonix was formed in 2008 and is headquartered in Dallas. Their security analytics platform includes Data Lake, NDR (NTA), SIEM, and UBA. Securonix ...

Login Get full Access

6.4 Swimlane

Swimlane is a mid-stage security specialist that launched in 2014 in Denver. Swimlane is a SOAR specialist.

Swimlane has almost 150 integrations co ...

Login Get full Access

6.5 ThreatQuotient ThreatQ and Threat Investigations

ThreatQuotient is a venture-backed threat intelligence and SOAR specialist headquartered in Reston, VA, outside Washington, DC. The company was founde ...

Login Get full Access

Methodology

Copyright

©2020 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarksTM or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded back in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.

top