This post is inspired by an idea (and a visual) from my esteemed colleague Toby Bussa.
It reflects our view that while you have TWO major routes to security orchestration, automation and response (SOAR) success, only one of them is in fact “right” for most organizations. The other is “right” for a very select few elite organizations, and in fact “wrong” and painful for most others.
Essentially, you have TWO DOORS TO SOAR.
- “Automation / orchestration first” – this path leads most to ruin, but it did lead some enlightened elite organizations to raging success with SOAR.
- “Workflow / case management first” – this path is unglamorous, but it is the one where we see more success for most mainstream organizations that are seeking to adopt SOAR.
There you have it, pick the door and go.
And, no, we are not doing any new SOAR research at this time, and there are no solid plans to do so. Perhaps next year?
Blog posts related to SOAR:
- SOAR-native SOC, Can This Work?
- SOAR Webinar Questions – Answered
- Our Security Orchestration and Automation (SOAR) Paper Publishes
- SOAR and Ticketing: Friends, Frenemies or the Same thing?
- SOAR and “Curve-jumping” in Security Operations
- SOAR: Magic or Mundane?
- SOAR Research Coming … Brace for Impact!!
- SOAR research is coming! (by Augusto)
- Security: Automate And/Or Die?
- Security Without Security People: A [Sad] Way Forward?