Key Takeaways from the 2020 Gartner Market Guide for SOAR

by Nimmy Reichenberg on September 23, 2020

The much-awaited 2020 Gartner Market Guide for Security Orchestration, Automation and Response (SOAR) Solutions has arrived! As you can expect from Gartner, the report does an excellent job of outlining the latest trends and developments of the red-hot SOAR market.

Here are some of the highlights of the report, along with additional commentary based on what we at Siemplify are seeing as the #1 independent SOAR provider.

SOAR Continues to Deliver On Its Promise

As the SOAR market matures, organizations are getting better at operationalizing the technology, understanding what it can (and can’t) do and are extending SOAR to new areas. In the words of Gartner: “The SOAR market continues to build toward becoming the control plane for the modern SOC environment, with the potential of becoming the control plane for a variety of security operations functions. e.g., vulnerability management [VM], compliance management and cloud security).”

Service Providers Are Flocking to SOAR

As the most MSSP-focused SOAR platform on the market, we could not agree more with Gartner that “SOAR plays an essential role in helping security services to provide services that include remote response.” MSSP and MDR providers are realizing incredible benefits from SOAR which go far beyond operational efficiency and extend to new revenue-generating services, as well as a differentiated customer experience.

Sponsorships Available

Video Case Study: Watch how an MDR provider has transformed its security operations with Siemplify

SOARing to the Cloud

As the first leading SOAR provider to deliver a cloud-native solution, we were pleased to see Gartner acknowledge cloud-based SOAR as a viable solution. Cloud is particularly relevant in these times where a global pandemic has forced a shift to remote security operations. (We are big believers that remote security operations is here to stay.)

The Rise of “SOAR-Lite”

With more appetite to automate security tasks than ever before, it’s hardly surprising that many products, such as threat intelligence platforms (TIP), email security and extended detection and response (XDR) are adding basic automated workflows to their products. For the first time, Gartner makes the distinction between what they call “product-level SOAR” and “broad-based SOAR” providers (such as Siemplify) with the latter focused on addressing more extensive security operations needs and including many more integrations, case management functionality, robust reporting and several other capabilities. Truth be told, we practically never compete with “SOAR-lite” solutions, probably since they have a narrow focus whereas we mostly engage with security teams who are not just looking for basic automation of a single use case.

Ease of Implementation Counts

Gartner correctly notes that organizations must think about their processes before jumping to implement a SOAR solution, and cites low process maturity as an obstacle to implementation. At Siemplify, we have given a lot of thought to speeding up “time-to-value” and invested heavily in our use-case marketplace, which allows even less mature organizations to hit the ground running with ready-to-deploy packaged use cases.

Independence Matters More Than Ever

With a flurry of acquisitions in the SOAR space, it may be easy to forget how important it is for a SOAR solution to be vendor-agnostic and not favor technology from any single vendor. It was fufilling to see Gartner reiterating this point in the clearest way possible: “SOAR products must be vendor-agnostic to maintain value due to integration. This will be the reality for some time. Independent solutions will continue to do a better job with their singular focus on roadmap execution and will be better at being ‘vendor-neutral’ with available integrations.”

Nimmy Reichenberg is CMO at Siemplify.