- Cyber Security Automation and Orchestration
- Posts
- SOAR and Hyperautomation Platfoms
SOAR and Hyperautomation Platfoms
comprehensive list and analysis
Welcome to the latest edition of the Security Automation newsletter! You're receiving this because you've made it onto the exclusive list that brings you the greatest and latest in cybersecurity automation.
A quick heads-up before we dive into the meat of today's topic: I've shifted my newsletter from Substack to Beehiive. Why, you ask? Well, it turns out Substack's offerings for our free subscriber friends were a bit on the lean side, and I'm all about ensuring everyone gets the full scoop without hitting paywalls or missing out on features.
Now, onto the main event: Let's unravel the mysteries of Security Automation and Orchestration platforms together. I'm here to streamline your search by bringing all the noteworthy SOAR platforms into one easy-to-navigate spot. If your appetite for knowledge knows no bounds, IT Harvest's extensive database is a treasure trove worth exploring.
So, here's the scoop: As I was geeking out over security automation platforms, it hit me – these bad boys can be lumped into a few key categories. This little nugget of insight shines a light on the SOAR scene, showcasing where things are at and the unique strengths on the table. Roll back six or seven years, and SOAR platforms were like lone wolves. But as companies started sweating over the budget for yet another platform, we saw SOAR capabilities getting cozy with existing systems like EDR, XDR, Network Security, and SIEMs, beefing them up with extra powers.
Now, Ross Haleliuk has this knack for breaking down the cybersecurity consolidation scene in his Venture In Security article.
When people say the word “consolidation”, they usually mean a market trend that leads to a reduction in the number of security tools. In simple words, “We have too many security products, and that’s just not sustainable. The market will consolidate, and we will end up having fewer tools”. This, however, is a great oversimplification of reality, and taking this angle doesn't help us understand what is actually happening.
There are three types of "consolidation" happening in cybersecurity: industry consolidation, spend/tool consolidation, and platformization. Each of these three trends is somewhat independent, yet all three are fully interconnected.
Do yourself a favor and check out Ross's piece for a deeper dive into this trend. It's a solid foundation for understanding how SOAR platforms are evolving amid these consolidation waves. Initially, the focus was on spend/tool consolidation, with SOAR just being another item on the security team's to-do list. Fast forward, and platformization became the new black, especially within the realms of SIEM and EDR/XDR, with big names scooping up SOAR capabilities, often through acquisitions. Today, the legacy SOAR scene is pretty much a part of bigger platforms like Palo Alto (think Demisto), Google Chronicle (cue Siemplify), and Splunk (hello, Phantom).
Threat Intel platforms are also getting a piece of the consolidation action. They're at this crossroads where they're pricey and need a dose of automation and orchestration to turn threat intel data into something you can actually act on. This is more of an industry consolidation vibe, with many TIP platforms blurring the lines with SOAR functionalities.
Yet, there's still a camp of platforms standing tall, untouched by the consolidation wave. These are the gems offering the freshest security automation and orchestration features(or we have the new hype of hyperautomation), a golden ticket for organisations after dedicated solutions.
Let's talk platforms. I've rustled up a list from Gartner and some detective work of my own. Missed a name? If you're a vendor flexing SOAR muscles, hit me up, and I'll make sure to add you to the roster.
Security Automation and Orchestration Landscape
If you're enjoying my newsletter, why not start your own? Grab your 30-day trial and a 20% discount here:
If you want to get on a call and have a discussion about security automation, you can book paid consultancy here:
Here's how I've broken them down:
Standalone: The rebels of the bunch, these platforms don't play favorites and bring you the crème de la crème of automation and orchestration
Pros ➕
Vendor-neutral: Swap your EDR or SIEM, and all you've got to do is tweak your automations.
Cutting-edge: Standalones often lead the pack with their advanced features.
Quick on the draw: Expect new features faster than you can say "cybersecurity."
Cons ➖
Complexity: Another platform to master and integrate into your security diet.
Pricey: These platforms can be a tad more expensive, considering you're paying for a standalone experience.
SIEM: The multitaskers, offering SOAR as a side dish to their main SIEM course, often courtesy of mergers or acquisitions.
Pros ➕
Seamless integration: Automations living in your go-to alert review tool can be a budget and learning curve saver.
Cons ➖
Multi-SIEM migraines: Juggling automations in a multi-SIEM setup? Brace yourself.
Ecosystem lock-in: They love playing within their sandbox, making external tool integrations a bit of a stretch.
Migration headaches: Switching SIEMs? Get ready to rewrite those automations from scratch.
EDR/XDR/Network Security Platforms: These guys weave automation into their domain-specific fabric.
Pros ➕
Automation plus: Tailored automation features that extend beyond the basics.
Speedy incident response: Cut down on response times with built-in automation.
Cons ➖
Integration woes: Balancing these platforms with, say, a SIEM can be tricky.
Basic external tool friendship: Their external tool integrations? Pretty basic.
Threat Intelligence Platforms: The intel gatherers, now with added automation to streamline threat data processing.
Pros ➕
Intel on steroids: Automation turbocharges the threat intel process.
Rich integrations: These platforms play well with a variety of threat intel feeds, SIEMs, and EDR tools.
Cons ➖
Another cook in the kitchen: Adds another layer of complexity to your security setup.
SOAR overlap: For tasks beyond intel ingestion and processing, standalone SOAR might be your ticket.
Other: A mixed bag of platforms catering to niche needs or adding a twist to existing systems.
Vendor | Forte |
---|---|
Standalone/HyperAutomation | |
Standalone/HyperAutomation | |
Standalone/HyperAutomation | |
Standalone | |
Standalone | |
Standalone/HyperAutomation | |
Standalone | |
Standalone | |
XDR/Newtork/Standalone | |
XDR/Threat Intel | |
EDR/SIEM | |
EDR/SIEM | |
SIEM/EDR | |
SIEM | |
SIEM | |
SIEM/XDR/NDR/TI | |
SIEM | |
SIEM | |
SIEM | |
SIEM/EDR | |
SIEM | |
SIEM | |
SIEM | |
SIEM | |
Standalone | |
Network/EDR | |
EDR | |
Network/EDR | |
XDR | |
EDR/SIEM | |
Network | |
EDR/Standalone | |
Threat Intel | |
Threat Intel | |
Threat Intel/XDR | |
Threat Intel | |
Threat Intel | |
Threat Intel | |
Threat Intel | |
Threat Intel | |
Case Management/Infrastructure | |
Infrastructure | |
Infrastructure | |
CodeScan | |
RPA | |
General Automation |
Wrapping up, this stroll through the SOAR park reflects my hands-on experience and deep dive into these platforms. Hoping this guide helps you find your perfect Security Automation and Orchestration or Hyperautomation match and navigate the ever-evolving cybersecurity landscape with a bit more ease. Cheers to bolstering our defenses with the right tools in our arsenal!
Are you passionate about cybersecurity and eager to stay ahead of the curve? Become an Ultimate Supporter of our blog and gain exclusive access to cutting-edge content, while playing a pivotal role in sustaining our community.
By joining the Ultimate Supporter tier, you decide how much you wish to contribute, directly aiding in the maintenance and growth of our website. Your support helps us cover essential costs, ensuring we can continue to deliver top-notch insights and tools for engineers and cybersecurity leaders.
As an added benefit, each Ultimate Supporter will receive a link to the editable versions of the visuals used in our blog posts. This exclusive access allows you to customize and utilize these resources for your own projects and presentations.
Join us today and be part of a movement that drives innovation and security in the digital world. Your contribution, big or small, makes a significant impact. Let's secure the future together!
Reply