Security Orchestration Automation and Response (SOAR)

1 Introduction

As the number and sophistication of cyberattacks have continued to increase over the years, some vendors realized that the traditional approaches and ...

1.1 Market Segment

The SOAR market, while still far from reaching full maturity, already has a reasonably well-established terminology and core set of capabilities. The ...

1.2 Delivery models

SOAR solutions often require complex deployment models. In most cases, on-premise components must be implemented, including software agents for upstre ...

1.3 Required capabilities

Broadly speaking, there are three major concentrations of technical capabilities within SOAR solutions.

Security data collection, correlation and en ...

2 Leadership

Selecting a vendor of a product or service must not only be based on the information provided in a KuppingerCole Leadership Compass. The Leadership Co ...

Palo Alto Networks, IBM, D3 Security, Exabeam, and ServiceNow are the overall leaders in this edition of the Leadership Compass on SOAR. Each of their ...

Product Leadership is where we examine the functional strength and completeness of services.

Palo Alto is at the top of the Product Leadership cha ...

Next, we examine innovation in the marketplace. Innovation is, from our perspective, a key capability in all IT market segments. Customers require i ...

The Innovation Leaders are Palo Alto, D3 Security, Siemplify, IBM, DF Labs, Exabeam, and ServiceNow. All are SOAR specialists (or were if you consider ...

Lastly, we analyze Market Leadership. This is an amalgamation of the number of customers, number of transactions evaluated, ratio between customers ...

IBM and ServiceNow are the Market Leaders. Both have not only good SOAR products that many customers are using, but they also have financial strength, ...

3 Correlated View

While the Leadership charts identify leading vendors in certain categories, many customers are looking not only for a product leader, but for a vendor ...

3.1 The Market/Product Matrix

The first of these correlated views contrasts Product Leadership and Market Leadership

Vendors below the line have a weaker market position than expected according to their product maturity. Vendors above the line are sort of “overperf ...

3.2 The Product/Innovation Matrix

This view shows how Product Leadership and Innovation Leadership are correlated. It is not surprising that there is a pretty good correlation between ...

Vendors below the line are more innovative; vendors above the line are, compared to the current Product Leadership positioning, less innovative.

The ...

3.3 The Innovation/Market Matrix

The third matrix shows how Innovation Leadership and Market Leadership are related. Some vendors might perform well in the market without being Innova ...

This chart shows how innovation is received in the marketplace.

IBM and ServiceNow are the Big Ones in SOAR. They have the intersection of sizable m ...

4 Products and Vendors at a glance

This section provides an overview of the various products we have analyzed within this KuppingerCole Leadership Compass on SOAR. This overview goes in ...

4.1 Ratings at a glance

Based on our evaluation, a comparative overview of the ratings of all the products covered in this document is shown in Table 1.

In addition, we provide in Table 2 an overview which also contains four additional ratings for the vendor, going beyond the product view provided in t ...

In Innovativeness, this rating would be applied if vendors provide none or very few of the more advanced features we look for, such as support for MFA ...

5 Product/service evaluation

This section contains a quick rating for every product/service we’ve included in this KuppingerCole Leadership Compass document. For many of the pro ...

5.1 D3 Security

D3 Security was founded in 2003 in Vancouver. The company is privately held. D3’s focus is on “intent-based SOAR”, which uses attacker technique ...

5.2 DFLabs

DFLabs was founded in Milan in 2004. They are a privately funded SOAR specialist now. They do not operate their software as a service, but they licens ...

5.3 Exabeam

Exabeam was founded in 2013 in Silicon Valley. They are a late-stage, well-funded but still private security analytics company. Exabeam offers a fully ...

5.4 IBM

IBM covers the SOAR technology area with the conjunction of three products listed above. IBM has a full security and identity management solutions, of ...

5.5 ManageEngine

ManageEngine is a division of privately held ZOHO and was founded in 1996. ManageEngine also has products for IT Help Desk management, patch and vulne ...

5.6 Micro Focus

Micro Focus is an IT software vendor with products covering many aspects of security, including a leading SIEM product that it acquired in 2010, ArcSi ...

5.7 Palo Alto Networks

Palo Alto Networks, founded in 2005 in Santa Clara, CA, was the pioneer in Next Generation Firewall (NGFW) technology, and is also a major player in t ...

5.8 ServiceNow

ServiceNow, founded in 2004 in San Diego, is a large IT management, operations, and business management software vendor. They also have products in th ...

5.9 Siemplify

Siemplify is a mid-stage startup concentrating on SOAR. They were founded in 2015 and are headquartered in New York. Deployments have on-premise compo ...

5.10 SIRP

SIRP is an early stage startup founded in 2017 and based in London. Their sole product is SOAR which is focused on risk-based security operations. The ...

5.11 ThreatConnect

ThreatConnect is a mid-stage equity-backed security firm headquartered in Arlington, VA. They were founded in 2011. Their solution encompasses threat ...

6 Vendors and Market Segments to watch

Aside from the vendors covered in detail in this Leadership Compass document, we also observe other vendors in the market that we find interesting. So ...

6.1 LogRhythm

LogRhythm was founded in Denver in 2003 and was acquired by Thoma Bravo in 2018. As the name implies, they started with log management and SIEM. Today ...

6.2 Rapid7

Boston-based Rapid7 was established in 2000. They have a suite of interrelated security products covering UBA, SIEM, patch and vulnerability managemen ...

6.3 Securonix

Securonix was formed in 2008 and is headquartered in Dallas. Their security analytics platform includes Data Lake, NDR (NTA), SIEM, and UBA. Securonix ...

6.4 Swimlane

Swimlane is a mid-stage security specialist that launched in 2014 in Denver. Swimlane is a SOAR specialist.

Swimlane has almost 150 integrations co ...

6.5 ThreatQuotient ThreatQ and Threat Investigations

ThreatQuotient is a venture-backed threat intelligence and SOAR specialist headquartered in Reston, VA, outside Washington, DC. The company was founde ...

7 Related Research

Leadership Compass: Network Detection and Response – 80126
Market Compass: Endpoint Protection Detection and Response – 80508
Market Compass: Cloud Access Security Brokers – 80079
Market Compass: Cloud Backup and Disaster Recovery – 71176
Leadership Brief: Incident Response Management - 80344
Leadership Brief: Responding to Cyber Incidents - 80209