
State of SOAR 2018: Security Teams Respond to Less Than 7% of Alerts

Security teams struggle to balance the pace of technological change against effective cybersecurity, a difficulty reflected in a survey conducted by security orchestration, automation and response (SOAR) solutions provider Demisto.

The Demisto "State of SOAR Report 2018" showed that today's cybersecurity professionals face a wide range of challenges, including:

  • Increasing Security Alerts: Security teams receive an average of 174,000 alerts per week, yet they can respond to only about 12,000 – less than 7 percent – of them.
  • Slow Incident Response: The mean time to respond (MTTR) to incidents averaged nearly 4.4 days.
  • Limited Personnel: Seventy-nine percent of cybersecurity professionals said they did not have enough people in their security operations center (SOC).
  • Inadequate Security Training: On average, it takes eight months to train security analysts to be effective. Yet a quarter of these professionals change organizations within two years.
  • Complex Security Tools: Seventy-five percent of survey respondents indicated working with multiple security tools was fairly/very challenging.
  • Lack of Security Metrics: Forty-two percent said they did not have a system in place to measure incident response metrics.

SOAR tools can simultaneously ingest threat data from multiple sources and execute automated playbooks that allow security teams to check for threats across end user environments, Demisto said. As such, SOAR tools can help security teams reduce false-positive alerts, coordinate actions across their security tools and automate repeatable incident response actions.
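To make that mechanism concrete, the following is an added example (not Demisto's code, and not data from the report) of what a small SOAR-style playbook does: it ingests alerts from two constructed sources with different formats (EDR JSON lines and SIEM key=value lines), normalizes them into one schema, enriches each indicator against a constructed threat-intelligence list, collapses repeated alerts for the same host and indicator into a single incident, and routes each incident either to an unattended action or to the analyst queue. Every alert, indicator, verdict and threshold here is made up for illustration.

```python
"""Minimal SOAR-style triage playbook (added illustration, not Demisto code).
All sources, indicators and thresholds below are constructed sample data."""
import json
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed threat-intel feed: indicator -> (verdict, confidence 0-100).
# IP addresses come from the RFC 5737 documentation ranges.
THREAT_INTEL = {
    "203.0.113.42": ("malicious", 90),
    "198.51.100.7": ("benign", 95),   # e.g. an authorized internal scanner
    "evil.example": ("malicious", 80),
}

# Constructed alerts. The same C2 beacon from wk-17 is reported by both the
# EDR and the SIEM, and a known-good scanner trips two low-severity rules.
EDR_ALERTS = """
{"id": "edr-1", "ts": "2018-09-01T10:00:00Z", "host": "wk-17", "ip": "203.0.113.42", "severity": "high", "rule": "c2-beacon"}
{"id": "edr-2", "ts": "2018-09-01T10:00:05Z", "host": "wk-17", "ip": "203.0.113.42", "severity": "high", "rule": "c2-beacon"}
{"id": "edr-3", "ts": "2018-09-01T10:02:00Z", "host": "wk-03", "domain": "evil.example", "severity": "medium", "rule": "dns-suspicious"}
"""
SIEM_ALERTS = """
id=siem-1 ts=2018-09-01T10:01:00Z host=srv-01 src=198.51.100.7 sev=low rule=port-scan
id=siem-2 ts=2018-09-01T10:01:30Z host=srv-02 src=198.51.100.7 sev=low rule=port-scan
id=siem-3 ts=2018-09-01T10:03:00Z host=wk-17 src=203.0.113.42 sev=high rule=outbound-443
id=siem-4 ts=2018-09-01T10:04:00Z host=db-09 src=192.0.2.15 sev=medium rule=failed-logins
"""
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Alert:
    source: str
    alert_id: str
    ts: str
    host: str
    indicator: str   # IP or domain the alert is about
    severity: str
    rule: str


def parse_edr(text: str) -> list:
    """EDR source: one JSON object per line; the indicator is an ip or a domain."""
    alerts = []
    for line in text.strip().splitlines():
        d = json.loads(line)
        alerts.append(Alert("edr", d["id"], d["ts"], d["host"],
                            d.get("ip") or d.get("domain"), d["severity"], d["rule"]))
    return alerts


KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_siem(text: str) -> list:
    """SIEM source: space-separated key=value pairs on one line."""
    alerts = []
    for line in text.strip().splitlines():
        d = dict(KV_RE.findall(line))
        alerts.append(Alert("siem", d["id"], d["ts"], d["host"], d["src"], d["sev"], d["rule"]))
    return alerts


def decide(alert: Alert, verdict: str, confidence: int) -> str:
    """Playbook decision table: unattended actions only on high-confidence
    verdicts, and anything the feed does not know goes to a person."""
    if verdict == "benign" and confidence >= 90:
        return "auto-close"
    if verdict == "malicious" and confidence >= 85 and alert.severity == "high":
        return "isolate-host"
    if verdict == "malicious":
        return "block-indicator"
    return "analyst-review"


def run_playbook(alerts: list) -> list:
    """Collapse alerts sharing (host, indicator) into one incident, enrich on the
    most severe alert of each group, and decide one action per incident."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a.host, a.indicator)].append(a)
    incidents = []
    for (host, indicator), group in groups.items():
        top = max(group, key=lambda a: SEVERITY_RANK[a.severity])
        verdict, confidence = THREAT_INTEL.get(indicator, ("unknown", 0))
        incidents.append({"host": host, "indicator": indicator,
                          "alerts": sorted(a.alert_id for a in group),
                          "verdict": verdict, "action": decide(top, verdict, confidence)})
    return incidents


def summarize(incidents: list) -> dict:
    """Metrics a SOC would track: raw alerts in, incidents out, human workload left."""
    by_action = defaultdict(int)
    for inc in incidents:
        by_action[inc["action"]] += 1
    return {"alerts": sum(len(inc["alerts"]) for inc in incidents),
            "incidents": len(incidents),
            "by_action": dict(by_action),
            "analyst_queue": by_action.get("analyst-review", 0)}


if __name__ == "__main__":
    incidents = run_playbook(parse_edr(EDR_ALERTS) + parse_siem(SIEM_ALERTS))
    for inc in incidents:
        print(f"{inc['host']:7} {inc['indicator']:14} {inc['verdict']:9} -> {inc['action']}  {inc['alerts']}")
    print(summarize(incidents))
```

On this sample the seven raw alerts collapse to five incidents, two of which close automatically and only one of which needs an analyst, which is the kind of alert-reduction and workload metric the report says many teams cannot measure. The design choice to watch is the isolation branch: a host is quarantined unattended only when the feed verdict is high-confidence and the alert is high-severity, and a real playbook would normally add an approval gate or a dry-run mode before that action rather than trusting a single intelligence source.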

What Does the Future Hold for the Global SOAR Market?

Expect the demand for SOAR tools to increase. In fact, Demisto has predicted the following drivers will accelerate the global SOAR market's growth:

  • Cybersecurity Staff Shortage: Security teams can use SOAR tools to automate and standardize their security efforts and help existing employees work better and faster than ever before.
  • Unattended Security Alerts: SOAR tools can help security teams keep pace with an increasing volume of security alerts, as well as minimize the risk of alert fatigue.
  • Demand for Proactive Threat Hunting: SOAR tools ingest third-party threat feeds and automate "search and destroy" workflows to help security teams quickly identify and contain potential threats across end user environments.
  • Push for Threat Intelligence: With SOAR tools, security teams can collate and correlate threat intelligence at a central location.

The global SOAR market is not mature enough to demand its own budget line, Demisto indicated. However, as SOAR tools gain market acceptance, their functionalities and use cases will increase accordingly.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.