



Last Monday, Google announced the acquisition of Siemplify, a security orchestration, automation, and response (SOAR) tool. It's not surprising that Google Cloud has acquired a SOAR tool. SOAR is a missing part of the Chronicle product, one that other security analytics platforms have incorporated over the last few years.

What is interesting, however, is the timing of this acquisition, which comes a few years after the succession of SOAR acquisitions from 2018 to 2019. Siemplify was one of the few remaining holdouts as a standalone SOAR, as most other independent SOAR vendors were acquired or diversified their portfolios with other products such as a threat intelligence platform (TIP).

In a way, this is a big acquisition, as it marks the true end of standalone SOAR. Five years ago, Forrester predicted early on that the SOAR market would not be self-sustaining. In hindsight, it looks like we were on point. In short, SIEM has been irreparably transformed into a more comprehensive security analytics platform that integrates SIEM, SOAR, and SUBA into a single product.

Providing a single piece of the puzzle, whether SOAR, SIEM, or SUBA, is not enough. Does your security team want an integrated security analytics platform that can be used throughout the incident response lifecycle, from detection to investigation and response orchestration? …

SOAR is part of a larger set of SecOps features

Security teams now have one fewer standalone SOAR offering to choose from. This is detrimental in some respects, as some practitioners I advise prefer to use separate, independent SOAR products. They want deeper integrations, and they want the tool and the vendor behind it to be fully focused on improving SOC automation.

Standalone SOAR is becoming rare, but SOAR still exists in many forms. There are benefits to a security analytics platform that tightly integrates SIEM and SOAR. The combined tools implement more seamless automation and help streamline the entire incident response lifecycle in one place. It also means one less vendor to manage, and the latest Forrester Analytics Business Technographics Security Survey data shows that security experts are considering integrating security tools.

Whether to buy SOAR standalone or as part of a wider platform is the classic best-of-breed versus best-of-suite discussion. However, it's important to note that SOAR is a supporting act, not a headliner. This means things get a little more complicated, as you can see in the SOAR flavors below.

Consider the different flavors of SOAR and their respective risks.

An integrated security analytics platform can provide tight integration and a simpler user experience. The main challenge for these vendors is a tendency toward complacency on innovation and toward bloat as they maintain a large, state-of-the-art product suite. Examples of vendors include Microsoft, Exabeam, LogRhythm, LogPoint, Micro Focus, and Securonix.

A security analytics portfolio seeks to provide that integration while maintaining the best-of-breed balance that standalone SOAR offers (although this makes it more likely to fail at both as a jack of all trades). If these vendors are struggling with one element of a SOAR product, they are more likely to integrate with other vendors than to use their own tools. Examples of vendors include Splunk, Sumo Logic, Gurucul, IBM, Rapid7, and Palo Alto Networks.

SOAR + TIP + vendors, or vendors with other additional focus areas, are focused on merging SOAR with other adjacent products. This approach is unique and provides a way to maintain independence while establishing a position in different markets. Combining the capabilities of SOAR and TIP can also enable threat intelligence in the SOC. Examples of vendors include Cyware, ServiceNow, ThreatConnect, and ThreatQuotient.

Standalone SOAR focuses on its independence and on building better SOC automation, allowing for very deep integration. However, even if you choose standalone SOAR, it may not remain standalone. Examples of vendors include Swimlane, D3 Security, and Tines.

I will publish a detailed study of SOAR shortly. In the meantime, if you have any questions, please contact us.

