QAX Named a Representative Vendor in 2022 Gartner SOAR Market Guide
Date: Jun 16, 2022 Author: QAX
"Orchestration and automation, incident and case management, and operationalizing threat intelligence are expected functionality for SOAR tools. However, these capabilities are also being embedded in existing security technologies, such as security information and event management, extended detection and response (XDR), and email security."
Recently, Gartner officially released the 2022 Market Guide for Security Orchestration, Automation and Response Solutions report, which provides a detailed analysis of SOAR market trends and gives recommendations to help government and enterprise organizations understand how SOAR can support and optimize broader security operations capabilities. In the report, QAX is named as one of the Representative Providers.
Gartner defines SOAR as "solutions that combine incident response, orchestration and automation, and threat intelligence platform management capabilities in a single solution". "SOAR tools can be used for many security operations tasks, including: to document and implement processes, to support security incident management, to apply machine-based assistance to human security analysts and operators, and to better operationalize the use of threat intelligence. Workflows can be orchestrated via integrations with other technologies, and automated to achieve desired outcomes — example use cases include: incident triage, incident response, TI acquisition curation and management, and other newer use cases like low code solutions." Gartner describes this market as follows: "SOAR solutions are the amalgamation of three historically distinct technologies that have some common attributes and some common users consuming them. These technologies were historically distinct and offer utility to security operations teams in the form of a product that can relieve significant amounts of manual labor for a number of security operations functions."
Meanwhile, Gartner mentions in this market guide that there are five strongly recommended requirements to consider when selecting a SOAR solution:
1) Support a wide range of security products across multiple existing point solution markets.
2) Support the ability to do event correlation and aggregation for the purpose of improving security operations processes and alerting with better event enrichment. A key way to do this is through the implementation of low-code “playbooks,” which allow for the codification of processes where automation can be applied to improve consistency and time savings.
3) Have the ability to be deployed either on-premises or as a cloud solution (like SaaS).
4) Support the ingestion of a wide variety of sources and formats of threat intelligence from third-party sources, supporting open-source, industry, government and commercial providers.
5) Bidirectional integrations with IT operations solutions like ticketing systems for case management and collaboration tools, like messaging applications for better real-time communications.
Gartner says that "commercial SOAR vendors can be grouped into two categories — product-portfolio oriented, and broad-based SOAR vendors" and compares the most common use cases, such as "SOC optimization; process automation and analyst collaboration; threat monitoring, investigation and response; and management and operationalization of threat intelligence". In addition, an evaluation of SOAR technology benefits should include "alert triage and prioritization, process orchestration and automation, case management and collaboration, dashboard and reporting, Operationalization of threat intelligence and investigation".
QAX SOAR, which has been listed in many authoritative Chinese and international reports, is also named as one of the representative SOAR vendors by Gartner. QAX SOAR has five key capabilities that differentiate it from other similar products: security capability orchestration, security process automation, intelligent alert response, collaborative case management and open system architecture. In addition, the newly added chatbot-based cooperative war room function of QAX SOAR lets security analysts communicate in real time and comes with a large number of built-in scripts and commands, further improving the efficiency of human-machine collaboration.
As Gartner says: "The security technology market is in a state of general overload - with pressure on budgets and staff, and too many point solutions being pervasive issues for organizations. In principle, automation continues to show promise to assist with many of these persistent issues." In response to this situation, QAX SOAR can help enterprises and organizations organize complex security operations processes (especially security response) into workbooks (COAs) and playbooks, transform distributed security tools and functions into programmable applications and actions, and integrate teams, tools and processes through orchestration and automation technologies. This effectively addresses problems such as insufficient security operations response personnel, untimely response to security incidents, repeated operations and maintenance, and lack of coordination among security systems.
Gartner says that in terms of market direction, "The SOAR market remains niche overall in the broader security marketplace and is primarily consumed by organizations that have larger and more-mature security operations programs, as well as by security services providers. As awareness of the need to apply automation in security operations improves, SOA-specific capabilities are emerging in other security technologies. SOAR has become a feature of other security technologies and services, and SOAR continues to connect disparate solutions and create a control plane for secure operational environments."
Built on QAX's comprehensive product portfolio, QAX SOAR and the company's NGSOC jointly form a security analytics suite solution. QAX SOAR can also be combined with other QAX products (such as SkyEye NDR, Jawto CWPP and Tianqing EDR) into dedicated solutions, playing a collaborative role in each of them.
Source:
Gartner Market Guide for Security Orchestration, Automation and Response Solutions, by Craig Lawson, Al Price, Date: 13 June 2022
Disclaimers:
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.