Sarah Crone, Product Marketing Manager
In recent years, the SOAR market has consolidated as larger SIEM providers acquired smaller SOAR vendors to strengthen their security automation and orchestration capabilities. So, what is driving this trend?
Detection is only one part of securing an organization’s environment. Orchestration and automation are essential to achieving end-to-end security incident management. Consolidating detection, investigation, and response into a single workflow makes your security operations more efficient and eliminates gaps in your security. So rather than implementing security tools and retroactively trying to piece them together, we are seeing organizations cry out for more seamlessly integrated, and less complicated tools.
Although you may see the occasional “SOAR is dead” headline, that is simply not the case. There will always be a need for SOAR capabilities, but admittedly the landscape is changing. The next evolution of SOAR will have response and orchestration seamlessly embedded within SIEM platforms, making context-switching a thing of the past.
Securonix Expands Native SOAR Capabilities in Unified Defense SIEM
As an innovator in the SIEM space, we are always looking to arm organizations with best-in-class detection and response. That is why Securonix is expanding the response and orchestration capabilities that come natively with our SIEM and UEBA products. This new feature, SOAR Lite, is designed to allow you to develop simple playbooks and seamlessly extend your existing automation processes with no daily limits. In fact, Securonix is the only SIEM provider offering embedded SOAR capabilities without imposing additional cost or usage restrictions based on daily limits. Features include:
- Simple playbook deployment: Developing simple playbooks with up to five steps is effortless and allows you to automate routine tasks and workflows. You can customize playbooks tailored to your security requirements for incident triage, threat analysis, or remediation actions.
- Integration parity with native response capabilities: We provide a seamless transition for those using our Response Playbook features. You can continue leveraging existing workflows and processes, which are now enhanced with SOAR Lite automation and orchestration.
- Bi-directional integration with Unified Defense SIEM – SOAR Lite is embedded within the SIEM so you can unlock the full potential of your security ecosystem. With this integration, you can automate all the actions manually executed from the Security Command Center. This includes tasks such as triaging low-value alerts, creating incidents automatically, updating look-up tables and watchlists, and more.
- Context-aware playbook selection – You have the flexibility to choose a playbook based on the violation/threat context, and enable dynamic selection of the playbooks. Previously, response playbooks were closely linked to specific policies, threat models, or incidents. With SOAR Lite, playbooks are now aligned with the violation, threat, or actual incident at hand. The introduction of Playbook Trigger Rules (PBTR) empowers you to dynamically choose the appropriate playbooks for your needs.
While many competitors charge fees for expanded SOAR features in the SIEM, we allow you to customize response actions with up to five actions in a playbook. Additionally, we do not limit the number of users who have access to the embedded SOAR capabilities. SOAR Lite offers several OOTB capabilities that include the most commonly used integrations like Active Directory, ServiceNow, Virustotal, Okta, and Crowdstrike, to name a few.
As your organization matures you may need to expand playbooks and integrations to scale your security operations. SOAR Lite is built on the same technology stack as our full SOAR offering so upgrading is as easy as flipping a switch and doesn’t incur any extra costs.
Are you ready to have your orchestration and response act in concert with your SIEM? Contact us to join the Cybersecurity Symphony.