Looking for the SOAR Magic Quadrant? Start Here


If you came here looking for the Gartner Magic Quadrant for SOAR (Security Orchestration, Automation and Response), let’s get the spoilers out of the way first. No, there isn’t one yet. It doesn’t exist at the time of writing this post. If Gartner releases one, we’ll make sure to update this post and link to it.

In its absence, the next-best resource you can refer to is Gartner’s 2022 Market Guide for SOAR, which mentions D3 Security as a representative vendor. You can download the latest edition of the report from our resource library to get Gartner’s expert analysis and recommendations on the SOAR market.

Quadrant analysis is a powerful decision-making framework that uses a 2×2 matrix as a scatterplot to compare options on two parameters. It’s also incredibly simple to do on a whiteboard or a sheet of paper. In this post, we’ll give you a framework to do your own quadrant analysis of the SOAR market and share our perspective on where we see Smart SOAR positioned on it.

What is SOAR, Explained

For those who are unfamiliar with the term, we have an extensive SOAR 101 page that does a great job of explaining what SOAR is and why it is important for security teams. Here’s a nugget from that page, to save you a click:

A security orchestration, automation, and response (SOAR) platform collects or ingests data from a variety of sources—SIEM, EDR, cloud, email, etc.—and then orchestrates tailored responses using playbooks that combine security tool integrations, automated workflows, and human input.

Gartner coined the term SOAR in 2017. Since then, this category of cybersecurity software has quickly become an indispensable capability for Security Operations Center (SOC) teams.

Magic Quadrant, Explained

The Gartner Magic Quadrant is a simple two-by-two matrix visualization that condenses Gartner’s research and analysis on vendors from a specific tech category. On the horizontal axis, you have Completeness of Vision, and on the vertical axis, you have Ability to Execute. According to Gartner, it uses 15 weighted criteria to plot vendors on the chart. A vendor’s ability to execute is evaluated on parameters such as products/services offered, overall viability, market responsiveness, track record, customer experience, and operations capabilities. Completeness of vision is evaluated on parameters such as market understanding, marketing, sales and product strategy, business model, and more.

The vendors are divided into four quadrants:

Challengers

These companies are usually large and have financial resources, but lack strong vision, innovation, or an overall understanding of market needs.

Leaders

Companies that have a lot of satisfied customers, are financially strong, can influence the direction of the market, and usually have product-market fit.

Niche Players

Companies that cater to a specific industry. They have a limited ability to innovate or beat other vendors in the larger market.

Visionaries

Companies that reflect Gartner’s idea of how a market will evolve but have a less established capacity to deliver on that vision. Visionaries fall into the higher-risk-higher-reward category for vendors and customers.

An important point to note here is that the Leaders’ quadrant isn’t necessarily synonymous with the best in a category. Challengers, Visionaries, and Niche players might be a good fit for you, depending on your business needs.

DIY SOAR Quadrant Analysis: Ability to Execute

Now that you know what a Magic Quadrant is, you can do your own evaluation of SOAR providers based on publicly available information. You can analyze and quantify a company’s ability to execute based on:

Quantity and Quality of Integrations

It helps to know if a vendor’s SOAR integrations are vendor-managed or community-made because it tells you who is responsible in case a particular integration doesn’t work, or needs to be updated. At D3 Security, our integrations are fully managed in-house, and we have a large, dedicated team working on adding new integrations and keeping our existing integrations up to date. It’s helpful to note down the number of tech integrations supported by the vendor and correlate it with all the security tools in your SOC. Other points to ponder: Are these integrations deep or superficial? How easy is it to do custom integrations?

Independent or Suite-Based

Is the solution vendor-neutral, or a suite-based solution offered by a tech conglomerate? We strongly believe independent SOAR is the way to go, as it prevents vendor lock-in, and offers you the freedom to choose the best components in each security domain.

Team Size

SOAR is a complex technology with a lot of moving parts – the size and experience of the development team will have a direct impact on the quality of the code base, the integrations, and the pace with which new features are released and bugs are squashed. While you can easily ascertain the size of a pure-play SOAR company like D3 Security by checking out our LinkedIn profile, it’s harder to do so for tech conglomerates that acquired a SOAR product.

Reviews on Gartner Peer Insights

Peer Insights by Gartner is a great resource to evaluate the efficacy of a SOAR product. The reviews are all made by real customers, and you also get to see the industry, firm size, and deployment architecture to see if their views are relevant.

DIY SOAR Quadrant Analysis: Completeness of Vision

To evaluate a vendor’s completeness of vision, look at the features and capabilities it offers. Here’s a checklist of SOAR capabilities found in Smart SOAR that you can use to benchmark other SOAR platforms:


Alex W. MacLachlan

Morpheus | AI-Driven SecOps | The Future SOC Is Autonomous - Start Now

2 years

This is good stuff!
