The modern IT security team has a lot to handle: devices around the infrastructure send more alerts than teams can handle, staff burnout leads to trouble retaining talent, and too much time spent on gathering and analyzing information means threat response is too slow and ineffective.
To alleviate this pressure and provide timely and effective threat response, more organizations are adopting security orchestration, automation, and response (SOAR) solutions to automate time-consuming incident response processes.
Specifically, organizations can use SOAR to enhance security operations in three important areas: threat and vulnerability management, incident response, and security operations automation.
The 2021 SOAR Report is based on a comprehensive survey of cybersecurity professionals to uncover the latest trends, use cases, and benefits of SOAR solutions.
Key findings include:
• Virtually all SOAR users find their solution somewhat useful to extremely useful (92%) in improving their organizations’ overall security posture. Long-term users are most positive in their assessment: 64% of organizations that have been using SOAR for more than 5 years consider their solution extremely useful – double the rate of overall users.
• Most organizations in this survey see significant productivity and efficiency improvements from investing in SOAR. Not surprisingly, the more mature and longer-term users see significantly higher gains, with half of the organizations seeing more than 50% improvement.
• More than half of organizations in this survey report significant benefits from using SOAR, both quantitative, such as reduced mean time to resolution (70%) or maximizing efficiency of security staff (68%), and qualitative, such as optimizing the value and utility of already existing tools (55%). In combination, these benefits can lead to additional improvements, including lower turnover of staff and higher morale.
• Organizations use SOAR for various reasons and use cases, depending on priorities and existing security tools. The most popular use cases include threat intelligence (57%), followed by remediating phishing attacks (56%) and SIEM triage (54%). More and more organizations are looking for automation beyond the traditional security priorities and making good use of what a true automation platform can accomplish.
We would like to thank Swimlane for supporting this important research project.