Gartner Blog Network


Our Security Orchestration and Automation (SOAR) Paper Publishes

by Anton Chuvakin  |  February 22, 2018  |  5 Comments

It is with much excitement that we announce the publication of “Preparing Your Security Operations for Orchestration and Automation Tools”, our epic SOAR paper.

Select favorite quotes are:

  • “Test the SOAR tool integration with the tools to be used on your desired use cases. Tool APIs change and some integration implementations provide only partial functionality, and many security product APIs are limited and incomplete.”
  • “The increasing adoption of SOAR solutions today cannot be explained by the drivers described above [well, in the paper – A.C.]. Most of the drivers have existed for as long as enterprise and government SOCs have existed — for decades, not years. However, SOAR tools only appeared in mid-2010s.”
  • “Some SOAR solutions leverage machine learning algorithms to help analysts decide which playbooks to use for each incident. These tools will observe past decisions on playbook selection and leverage them to provide suggestions to analysts according to the characteristics of the incident.” [however, ML in SOAR is not magic, but at best an auxiliary feature, in our view. A cool one, but auxiliary nonetheless]
  • “Notably, few if any SOAR users report using such out-of-the-box playbooks [shipped with SOAR tools – A.C.] without changes, in stark contrast from other security content such as intrusion defense systems/intrusion prevention systems (IDS/IPS) signatures or SIEM correlation rules.”
  • “From a technology infrastructure perspective, SOAR tools are not very complex. Most of the complexity of these tools is related to proper integration with the external systems and services.”
  • “Future security operations, incident response and TI teams will use more automation and more consistent processes, and will have to deal with an ever-increasing number of security tools.” … but … “Gartner predicts broader adoption of SOAR tools, but perhaps not at breathtaking speed.”

Enjoy the paper! [Gartner GTP acces required]

As always, PLEASE PROVIDE YOUR FEEDBACK to the paper via http://surveys.gartner.com/s/gtppaperfeedback

Blog posts related to our SOAR research:

Posts related to paper publication:

Category: announcement  orchestration  security  

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio


Thoughts on Our Security Orchestration and Automation (SOAR) Paper Publishes


  1. […] Anton beat me this time on blogging about our new research, but I’ll do it anyway […]

  2. […] that we are truly done with SOAR, our Testing Security project continues in full force. This post is a bit contemplative, and […]

  3. […] Our Security Orchestration and Automation (SOAR) Paper Publishes (SOAR research) […]

  4. […] Our Security Orchestration and Automation (SOAR) Paper Publishes (SOAR research) […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.