2020 SOAR Report Highlights Key Drivers and Impacts

Are you interested in security orchestration, automation and response (SOAR) solutions and want to find out more about the drivers, use cases and benefits organizations are seeing from these tools?

Cybersecurity Insiders and Swimlane just released the 2020 SOAR Report with insights from more than 300 surveyed cybersecurity professionals on the use of SOAR in their environments, including:

  • Why organizations chose to implement SOAR and the improvements they have realized post-implementation
  • The most common tools that organizations are integrating with SOAR
  • The use cases organizations are using SOAR to address

A primary theme among survey respondents was an understanding of the need for and the importance of SOAR, with 90 percent replying that SOAR is very important or extremely important to their organization’s overall security posture. Although organizations are using SOAR in a variety of ways, it’s evident from the research that the value and benefits realized are significant.

Key Takeaways from the 2020 SOAR Report

There are several overlapping key drivers that lead organizations to invest in SOAR. According to the research, the top three key drivers are:

  1. An increase in the volume of threats
  2. The need to reduce the time to respond, contain and remediate those threats
  3. The need to improve triage quality and speed

Organizations use SOAR for a variety of reasons and use cases. This mostly depends on their security priorities and the existing security tools they integrate with SOAR. The report found that the most popular use cases include SIEM triage, responding to phishing attacks, and threat intelligence.

The types of tools organizations integrate with their SOAR platforms depend greatly on the use cases they prioritize. While virtually any tool can be integrated with SOAR, it’s little surprise that organizations in this survey have aligned their top use cases and tool integrations, being most likely to integrate threat intelligence, endpoint security, and SIEM and log management tools with their SOAR solution. If you are considering SOAR, it is vital that the solution can integrate with your existing tool stack.

Justification of investment in SOAR solutions is a mix of quantitative and qualitative impacts. Overall cost savings ranked behind reducing mean time to resolution, maximizing staff efficiency, and optimizing value of existing tools. For tracking ROI, make sure your SOAR solution can track the metrics that matter most to you in intuitive dashboards and reporting.

Organizations see clear productivity and efficiency improvements from using a SOAR solution. While there was quite a bit of variation with some respondents seeing over 100 percent improvements, the average productivity and efficiency improvement seen was 26-50 percent. This likely has to do with the fact that 38 percent of organizations are new to SOAR, having implemented the solution less than a year previously. It’s worth noting here that Swimlane customers average well over 80 percent improvement in productivity and efficiency.

In looking specifically at improvements seen around a couple key drivers for SOAR:

  • 89 percent of respondents improved triage quality and speed, with 47 percent citing greatly improved speed and quality
  • 88 percent reduced the time to respond, contain, and remediate threat, with 44 percent greatly reducing their response and remediation times

Want the full results? Download the full report, sponsored by Swimlane.


*** This is a Security Bloggers Network syndicated blog from Swimlane authored by Julie Rockett. Read the original post at: https://swimlane.com/blog/2020-soar-report-highlights/