July 29, 2020 Davor Karafiloski

Gartner SOAR Magic Quadrant: The best of Cloud SOAR is yet to come

While Gartner hasn’t released the SOAR Magic Quadrant, we are happy to announce that for two consecutive years, DFLabs (now Sumo Logic) has been included in the Gartner SOAR Market Guide as a relevant, key player in the development of SOAR technology.

On an annual basis, Gartner releases its Magic Quadrant Guide, which includes all the major competitive players in a specific technology industry based on meticulous research, each dedicated to a specific market. The end goal is to assist clients in making well-informed decisions prior to investing in a certain technology by allowing them to assess how well technology providers achieve their vision and how they perform according to Gartner’s ranking criteria.

Before Gartner releases its SOAR Market Guide, let’s take a look at all you need to know to become familiar with how Gartner evaluates vendors and creates its Magic Quadrant.

How does the Gartner Magic Quadrant work, and why is it relevant?

Gartner is an IT consulting firm that works on the concept of market research, where they rely on their own proprietary data analysis to correctly convey market trends for several specific technology industries.

Gartner updates their reports annually and rates industry vendors in a proprietary manner according to the following criteria:

  • Completeness of vision, meaning how successful the vendor is in accomplishing its own goals.

  • Ability to execute, ranking the vendors depending on how well they have been able to execute against their current vision.

Furthermore, based on the results and how well the vendors comply with these criteria, Gartner divides players into four distinct quadrants:

  • Leaders: Vendors in the industry that are positioned as innovators, have a good grasp of what the market needs, and have accumulated the highest score based on Gartner’s ranking system for their completeness of vision and ability to execute.

  • Challengers: A vendor in the industry that is on the rise and executes its vision well enough to challenge the leaders. The quality of their products is similar to the ones provided by the leaders, and the credibility of their brand is improving.

  • Visionaries: A vendor in the industry that creates innovative products but has not yet captured a credible market growth or considerable profit.

  • Niche players: Vendors that craft products particularly focused on a narrow market or larger vendors that have difficulties establishing and executing their vision.

While Gartner doesn’t reveal specific details regarding its methodology, it certainly helps clients understand everything they need to know about their ranking. One particular piece of advice they share, which we deem noteworthy, is that the leaders of a specific market don’t necessarily have to be the best ones for your specific needs. A niche player may very well do a better job of satisfying your needs than a market leader. It all depends on how well the vendor is aligned with your goals and needs. This is why meticulous, well-thought-out research is necessary prior to choosing a vendor in a specific field.

Gartner’s relevancy lies in the fact that the Magic Quadrant report gives a tangible representation of how well vendors are advancing in a particular industry, and the rankings and results only exist to give clients an objective perspective when contemplating a particular vendor or industry.

Even though Gartner still doesn’t produce a SOAR Magic Quadrant, for the past couple of years it has published a Market Guide for SOAR. To give you a better understanding of how the 2020 Gartner Magic Quadrant for Security Orchestration, Automation and Response would work, let’s first take a look at the SIEM Gartner Magic Quadrant.

SIEM Gartner Magic Quadrant

It’s very likely that the SOAR Magic Quadrant will follow the structure and form of the SIEM Gartner Magic Quadrant, as both technologies are closely intertwined in the real world. As Gartner summarizes, security and risk management leaders are constantly on the lookout for security information and event management (SIEM) solutions that have the capacity to vastly increase their threat hunting capabilities, reduce alert detection dwell time, and boost their response time. According to their research published on 28 February 2020, Gartner labels the following 16 vendors as leaders in the industry:

  • AT&T Cybersecurity

  • Dell Technologies (RSA)

  • Exabeam

  • FireEye

  • Fortinet

  • HanSight

  • IBM

  • LogPoint

  • LogRhythm

  • ManageEngine

  • McAfee

  • Micro Focus

  • Rapid7

  • Securonix

  • SolarWinds

  • Splunk

Thanks to this assessment by the SIEM Gartner Magic Quadrant, organizations will be able to carefully contemplate the perks and downsides of the top vendors in the market and better understand their strengths and weaknesses.

The reason we mention the SIEM Gartner Magic Quadrant is that SIEM and SOAR, as contemporary technologies in cybersecurity, work very closely together, and the growth of SIEM as a technology is closely tied to the growth of SOAR in the future. Granted, SIEM as a term was coined in 2005, while SOAR rose to prominence in 2017, but the operations of both these technologies are closely intertwined.

How SIEM and SOAR work together in cybersecurity

Many organizations rely on both SOAR and SIEM to drive their cybersecurity defense. That is because SIEM and SOAR do not contradict one another; rather, they complement each other’s strengths and actually make each other better by collaborating:

  • SIEM: This is basically an alert-detection technology that is virtually unmatched at detecting threats to keep analysts up to date with every event inside the organization. However, SIEM’s job stops at detecting, and the technology itself cannot take remediation actions to nullify potential threats. Plus, the technology has to be constantly tweaked and overseen by analysts, which is time-consuming.

  • SOAR: SOAR stands for Security Orchestration, Automation and Response. While SOAR can’t match SIEM’s alert-detecting capabilities, it does so much more by bringing automation and orchestration to the table. By using automation and machine learning, SOAR is able to automate a wide range of repetitive and mundane tasks, thus relieving analysts of having to complete the tasks themselves.

The problem with SIEM is that it generates a lot of alerts, and many of those alerts are not real threats, meaning that they are false positives. This is where SOAR steps in to fill in the gaps, as SOAR is capable of recognizing false positives and telling apart real threats from false ones. This saves much of the analyst’s time, and with SIEM’s alert detecting capabilities and SOAR’s machine learning technology, it is obvious why these two technologies work so well together.

What to expect in the upcoming Gartner SOAR Market Guide for 2020?

SOAR is on the rise, but it can still be considered a relatively new technology. In the Gartner Market Guide for SOAR 2020, we can expect a thorough analysis of the vendors that drive the technology and push their boundaries. The real-world necessity of SOAR is growing as we speak, and the expectations of SOAR are very promising, as the technology is yet to achieve its peak.

Gartner is expected to reveal valuable information regarding SOAR’s top and up-and-coming players, including:

  • How well new markets are meeting user requirements

  • Which vendors particularly contribute to the growth of SOAR

  • Which emerging trends are notable for your future plans in the industry

Ultimately, with the Gartner Market Guide for SOAR 2020, users will be able to manage the risk of investment by possessing valuable insights that reveal the trajectory of the entire SOAR industry. Gartner analyzes the current trends in the market and also shows predictions regarding future trends and how the industry will evolve.

Cloud SOAR will continue to evolve

It is the second year in a row that Sumo Logic is mentioned as one of the top SOAR vendors by Gartner’s Market Guide. We at Sumo Logic are proud of this achievement, as our dedication to making Cloud SOAR a state-of-the-art solution continues to be valued:

  • Sumo Logic is the only vendor with three patents regarding its SOAR technology

  • Cloud SOAR is the most open SOAR solution, providing integrations with over 200 of the most popular security tools

  • Unique case management functionality which generates thorough information in over 100 customizable fields

Sumo Logic has one eye set on flawless quality and another set on paving a new road for Cloud SOAR by setting new standards and trends with each passing day. Our goal is to continue shaping Cloud SOAR into a highly customizable SOAR solution that aligns with the needs of every organization, enhances the effectiveness of every other tool it interacts with, and boosts the productivity of every security professional within the security platform. And we can only promise to keep on sculpting Cloud SOAR as a top solution in the SOAR industry with more desire and determination than ever before.

Davor Karafiloski

SEO and Content Marketing Specialist
