Blog post

Two Doors to SOAR Visual

By Anton Chuvakin | March 08, 2019 | 1 Comment


This post is inspired by an idea (and a visual) from my esteemed colleague Toby Bussa.

It reflects our view that while you have TWO major routes to security orchestration, automation and response (SOAR) success, only one of them is in fact “right” for most organizations. And the other is “right” for a very select few of elite organizations, and in fact “wrong” and painful for most others.



Essentially, you have TWO DOORS TO SOAR.

  1. “Automation / orchestration first – this path leads most to ruin, but it did lead some enlightened elite organization to raging success with SOAR
  2. “Workflow / case management first – thus path is unglamorous, but it is the one where we see more success for most mainstream organizations that are seeking to adopt SOAR.

There you have it, pick the door and go.

And, no, we are not doing any new SOAR research at this time, and there are no solid plans to do so. Perhaps next year?

Blog posts related to SOAR:

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed

1 Comment

  • Barbara Kay says:

    I’m a fan of defining policies and processes, automating them, and orchestrating series of them. This is the pragmatic approach that helps security people safely embrace automation and overcome organizational silos.