The latest in an ever-increasing bag of supplemental platforms to address the shortcomings of legacy cyber threat platforms is SOAR (Security Orchestration Automation and Response).
Like its predecessors, SOAR is a cyber bandage designed to address the failed promises and functional inadequacies of legacy (SIEM, NTA and UBA) vendors with yet another layer of additive and arguably unnecessary technology.
It’s yet another “solution” to add to the heap.
In fact, in a recent survey conducted by Swimlane, cybersecurity professionals stated that the most popular use case for SOAR was as a tool to triage their already existing SIEM solution:
What are the key use cases your organization is utilizing SOAR for?
“SOAR is just another band-aid for the shortcomings of all of these other products,” says Mike Yelland, Senior Sales Engineer at MixMode.
Take, for example, the primary value prop for SOAR solutions as described by vendors and analysts alike: To improve, streamline, and enhance the interoperability between multiple, disparate security platforms.
The presumption then for the value of a SOAR platform is that the previously deployed cybersecurity platforms have failed to address the requirements they were intended to solve.
Worse, it presumes that the original goals of the deployment can only be addressed by adding additional supplemental technology and workflow integration to address the deployed product’s functional gaps.
The most concerning aspect of SOAR’s position in the market is that it requires customers to acknowledge that all the additive technology, associated budget, and operational resources invested to date have not fulfilled the promises they have been touted to deliver.
In our newest whitepaper, “SOAR: The Acknowledgement That All Of Your Cybersecurity Platforms Have Failed,” we refute the patchwork strategy of additive cybersecurity solutions and technology and explain why we believe SOAR is just an admission that all of your other cybersecurity platforms aren’t doing their job.
Ultimately, even teams that invest heavily in a variety of add-on solutions typically find that they remain vulnerable to internal, external, and zero-day threats. For teams stuck in this add-on solution cycle, providing adequate cybersecurity requires a whack-a-mole approach, where another issue pops up as soon as the company invests in a new solution.