Gartner’s 2020 Market Guide for Security Orchestration, Automation and Response (SOAR) Solutions reflects the rapid evolution and maturity of the market and SOAR vendors. As Gartner states, “The security technology market, in general, is in a state of overload, with pressure on budgets, staff shortages and too many point solutions. Customers often cite problems with an overload of events or alerts, complexity and duplication of tools. As a general practice, automation promises to solve many of these problems and, in cybersecurity, SOAR is the primary vehicle for this functionality.” We believe that security services providers, specifically managed security services providers (MSSPs) and managed detection and response (MDR) services providers, are also adopting SOAR to help customers contain or disrupt threats and limit damage to their environment and operations. For this constituency of SOAR users, bi-directional integration with customers’ and/or their own technologies is paramount.

In this new report, Gartner divides vendors into two categories: 1) product-oriented SOAR providers that include SOAR capabilities within their own products, and 2) broad-based SOAR providers that can receive inputs from many other security products and organize the SOC’s workflow. The report puts ThreatQuotient and the ThreatQ platform squarely in the broad-based SOAR category. 

Our approach to SOAR platforms starts with the threat because we believe you cannot defend against what you do not understand. Automate noise and the result will be amplified noise. A data-driven approach to SOAR provides high confidence in the intelligence being used, the decisions that are made and confidence in the automation applied to workflows. We also believe that full circle automation is the wave of the future. SOAR platforms must enhance existing tools through bi-directional integration to accelerate and improve security operations.

Gartner shares that their customers’ most common use cases for SOAR are: SOC optimization; threat monitoring, investigation and response; and threat intelligence management. Whatever the use case, Gartner recommends five key criteria organizations use to evaluate SOAR platforms. Briefly, here’s how ThreatQ addresses each. 

• Alert Triage and Prioritization: Organizations need a deeper understating of their threat landscape. The ThreatQ platform acts as a central repository for global threat intelligence and internal threat and event data, defining the intersection and ensuring relevance to a specific organization. Customer-controlled prioritization based on the organization’s risk profile and their own set of scoring parameters brings focus – not “global” risk scores published by some threat intelligence providers. With these parameters in place, ThreatQ automatically filters out what is noise for the customer and reveals the right priorities for action. The self-tuning Threat Library learns and improves over time and continuously reprioritizes so that teams stay focused on what matters. 
• Orchestration and Automation: Automate previously manual tasks from daily workflows, like aggregating, normalizing and prioritizing data via the Threat Library, and make advanced tasks like investigations more efficient and effective with the Adaptive Workbench and ThreatQ Investigations that make it easier for teams to work together. Our Open Exchange enables bi-directional integration, allowing the ThreatQ platform to aggregate data from external and internal sources and systems, and send curated threat intelligence to all the tools necessary within your environment.
• Case Management and Collaboration: Increase collaboration, coordination and communication within and across teams with our Adaptive Workbench that streamlines analysis by allowing teams to work from a common data set using existing tools and processes, and ThreatQ Investigations, the industry’s first cybersecurity situation room.
• Dashboard and Reporting: Embedded visualization and documentation in a shared environment enables shared understanding and focus throughout the analysis process. Key performance indicators (KPIs) allow security teams and leadership to demonstrate steady program improvement to key stakeholders and executive management.
• Threat Intelligence and Investigation: Threat intelligence is the lifeblood of security operations and critical to ensure a SOAR platform is executing the right actions and using the right data. We have deep roots in threat intelligence management with our ThreatQ platform. Additionally, our ThreatQ Investigations is designed for collaborative threat analysis, shared understanding and coordinated response. The Evidence Board fuses together threat data and user actions to determine right actions to take faster. Users can build incident and campaign timelines to accelerate understanding and share with others for collaboration and coordinated response.

SOAR platforms are evolving towards what ThreatQuotient has been building out for years – a “full featured” security operations platform designed to provide companies the relevant, contextual intelligence and automation needed to support multiple teams and capabilities. 

To learn more about the SOAR market and how ThreatQ fits in, download your copy of the new 2020 Gartner Market Guide for SOAR now.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

Gartner Market Guide for Security Orchestration, Automation and Response Solutions , Claudio Neiva, Craig Lawson, Toby Bussa, Gorka Sadowski,21st September 2020