Google's acquisition of Siemplify is a knockout punch for standalone SOAR
Google announced the acquisition of Siemplify, a security orchestration, automation and response (SOAR) tool, last Monday. Unsurprisingly, Google Cloud gets a built-in SOAR tool of its own - this has been a missing piece for its Chronicle offering, and one that other security analytics platforms added several years ago.
What is interesting, however, is the timing of this acquisition, which comes years after the phase of SOAR purchases from 2022-2022. Siemplify was one of the few standalone SOAR vendors left, as most other independent SOAR vendors were acquired or expanded their offering with other products such as threat intelligence platforms (TIPs).
In some ways, that makes this a solid acquisition, as it marks the very end of standalone SOAR. Forrester made an early prediction, five years ago, that the SOAR market could not stand on its own, and it is beginning to feel as though the point is being made. Here's the bottom line: the SIEM has transitioned seamlessly to a more complete security analytics platform, incorporating SIEM, SOAR, and SUBA in a single offering.
Offering just one piece of the puzzle - SOAR, SIEM, or SUBA - is not enough. Security teams want a unified security analytics platform that they can use throughout the entire incident response lifecycle, from search to investigation to response orchestra…
SOAR is part of a larger set of SecOps capabilities
Security teams now have one fewer standalone SOAR to choose from. This is detrimental in some ways, as some practitioners prefer to use a separate, independent SOAR offering. They find that the depth of integration available is more powerful, and they prefer a tool, and the vendor behind it, to focus entirely on building automation for the SOC.
While standalone SOAR is becoming increasingly rare, SOAR remains in many forms. There are benefits to a tightly integrated SIEM and SOAR security analytics platform. A combined tool can help you implement more seamless automation and streamline the whole incident response lifecycle in one place. It also gives you one less vendor to manage, and data from the latest Forrester Analytics Business Technographics® Security Survey shows the benefits of consolidating security tools.
Buying SOAR as a standalone product versus as part of a broader platform is the classic best-of-breed versus best-of-suite debate. The tricky part, though, is that SOAR is a supporting function, not the primary one. This makes things a little more complicated - as you can see in the SOAR flavors below.
Consider the different flavors of SOAR and the dangers of each:
Unified security analytics platforms can provide tight integration and a simpler user experience. The main challenge with these vendors is making sure they stay at the forefront - large product portfolios tend to lead to sluggish innovation and bloat.
Security analytics packages try to balance the best of what standalone SOAR has to offer while still delivering that integration (but this makes them more likely to fail at both, as a jack of all trades). If those vendors are struggling with one element of their SOAR offering, they are more likely to integrate with other vendors than with their own tools.
SOAR + TIP + help. These vendors, or those with additional focus areas, will build on the combination of SOAR and other adjacent offerings. This can be unique and will give them a way to remain independent while still gaining ground in different markets. Combining SOAR and TIP capabilities also helps to process threat intelligence in the SOC.
Standalone SOAR can have great depth of integration due to its independence and its single focus on building better automation for the SOC. Even if you choose a standalone SOAR, it may not be standalone for much longer.
This post was written by Analyst Allie Mellen and appeared first here.