Enterprise Security Orchestration Platforms – Gravitating Towards AI-Enabled Tools and Contextual Indicators

October 2020  The traditional enterprise security platform is evolving. They now incorporate more capabilities into a single enterprise SOAR (security orchestration, automation, and response) platform. The SOAR value proposition has become more evident during the COVID-19 pandemic, because organizations require multi-functional capabilities to secure themselves against new threats. These tools help solve security challenges resulting from a distributed workforce, more BYOD devices, and cloud solutions.  This trend is examined in Avasant’s new report, ENTERPRISE SECURITY ORCHESTRATION PLATFORMS 2020 RADARVIEW ™a comprehensive study on the security orchestration platforms marketplace. It features industry-first insights, analysis, and a close look at the leaders, disruptors, innovators, and challengers in this market.  This report helps enterprises identify the right enterprise security orchestration platform for their needs. It assesses platform providers based on their automation capabilities, number of predefined playbooks, built-in integrations, flexibility in pricing models, efforts to reduce TCO, maturity, and scale of operations. It also highlights the key market trends and Avasant’s view of the enterprise security orchestration platform providers over the next 12 to 18 months. We evaluated 20 providers of enterprise security orchestration platforms, using a rigorous methodology across three dimensions (product maturity, enterprise adaptability, and innovation roadmap). The report recognizes 14 providers that brought the most value to the market over the last 12 months. These are presented against key metrics to help buyers differentiate between market products and find the right solution to fit their needs.  The report recognizes tool vendors in four categories:  

• Leaders: Splunk, LogRhythm, IBM, RSA 
• Innovators: Palo Alto Networks, Rapid7, Microsoft 
• Disruptors: Exabeam, FireEye, AT&T Cybersecurity 
• Challengers: Fortinet, Securonix, Micro Focus, Siemplify 

Figure 1 from the full report illustrates these categories:      “During a year of radical change, companies should be prepared to address changes in how both employees and customers engage with businesses, driving further digital transformation,” Avasant’s Associate Director Mark Gaffney said. “While technologies such as mobility, virtualization, cloud, and collaboration tools are transforming many enterprises, they have also expanded the risk perimeter security threats. With many more devices connected to the network, the security team needs to automate the incident response processes and integrate disparate security tools into a single enterprise SOAR platform.”  The report also highlights other trends, including the following: 

1. Tools are maturing from SIEM(security incident and event management) to SOAR and utilizing centralized tools: 

• The rise in the threat landscape has led to a greater need for SIEM providers to expand the scope from a few data sources, such as firewalls and intrusion detection systems, and enhance interoperability with new security tools. These include endpoint detection and response (EDR), user and entity behavior analytics (UEBA), and network traffic analysis (NTA) tools. 
• Many cybersecurity providers have also jumped on the SOAR bandwagon via acquisitions. 

2. Focus ona cloud-first approach toward business models and product strategy: 

• Seeing the rising demand for SaaS-based solutions, all the major security platform providers have introduced cloud-based versions of their platforms. This brings the functionalities of on-prem solutions and reduces the time to deploy along with ease of administration and maintenance of the platform.  
• As firms modernize their IT infrastructure or migrate apps to the cloud, security platform providers have started offering unlimited data plans, allowing users more flexibility. 

3. Providers are deploying an ecosystem and service-centric approach:

• As part of the larger ecosystem strategy, some of the leading platform providers introduced free community edition, free foundational training courses, online community and marketplace to enable their customers and partners to experiment and start small. 

• These providers are also offering customised implementation support, architecting, and configuration, and enabling Centre of Excellence development on request basis. 

4. Roadmapsare focused on playbooks, built-in integrations, and AI-driven engines 

• Security platform providers continue to augment their portfolios, focusing on efficient threat remediation. This includes building structured and dynamic incident response playbooks to support customized workflows and help reduce mean time to resolution (MTTR). 
• SOAR providers have also been expanding with newer integrations with the leading security providers to deliver end-to-end security. Lastly, they are developing AI-enabled tools for improved threat remediation. 

“Data theft and ransomware are becoming significant threat vectors,” Avasant’s Research Leader Gaurav Dewan said. “Because of that, a proactive security approach that includes measures such as threat hunting, threat deception, threat prevention, and threat intelligence becomes imperative. Security platform providers, understanding the evolving security landscape, have augmented their platforms to deal with the new realities.”  The report features RadarView profiles of the top 14 platform providers and their security orchestration solutions.   This Research Byte is a brief overview of the full Enterprise Security Orchestration Platforms 2020 RadarView™ report (click for pricing).