Gartner, the renowned business intelligence firm, has recently stirred up controversy by deeming the concept of “security orchestration, automation, and response” (SOAR) obsolete before it reached its plateau of success. This designation has left customers and vendors alike questioning the future of this once-promising technology.
The term SOAR was first introduced by Gartner seven years ago to describe integrated security operations that could detect threats, use playbooks to enhance incident response efforts, and even automate the response process. However, the landscape of security automation has evolved, leading to Gartner’s assertion that SOAR has become overshadowed by other products and services that offer similar functionalities.
Eric Ahlm, a senior director analyst at Gartner, noted that the components of SOAR have been absorbed into various products and services, rendering standalone SOAR platforms less relevant. Companies have shifted their focus towards solutions that offer better integration, automation, and visibility, such as extended detection and response (XDR) and security information and event management (SIEM) platforms.
Despite Gartner’s pronouncement, some industry players still advocate for the value of dedicated SOAR platforms. Palo Alto Networks, for instance, has seen marked success with its Cortex XSOAR technology, automating manual tasks and significantly reducing incident response times. Swimlane, another company in the cybersecurity space, emphasizes the necessity of a centralized hub like SOAR for effective incident response.
Looking ahead, the integration of artificial intelligence (AI) and automation is expected to shape the future of security operations. As AI capabilities evolve, there is a growing sentiment that AI-enabled platforms could outshine traditional SOAR systems by providing more efficient threat detection and response mechanisms.
In conclusion, while Gartner’s assessment may have raised questions about the future of SOAR, it is evident that the evolution of security automation is driven by a combination of AI, automation, and the proliferation of cybersecurity products. The industry is likely to witness a shift towards more sophisticated platforms that leverage AI and automation to streamline security operations and enhance overall efficiency.

