The State of SOAR 2020

Attacks are on the rise, and security teams are turning to automation to help them stop sophisticated threats more efficiently and effectively.

Our survey found that COVID-19 has further expanded the need for automation, with 47% of companies seeing more alerts since the start of the pandemic.

Incident response teams face a number of manual, fragmented and burdensome processes.

One of the most pressing challenges is threat intelligence: While 81% of companies say threat intelligence is critical to incident response, they also say ingesting it is time-consuming. Companies subscribe to 6.8 threat feeds on average, and these feeds tend to be poorly integrated into other security tools.

Security orchestration, automation and response (SOAR) capabilities use playbook-driven automation to combine case management, process automation and threat intelligence.

In the next year, 67% of security teams plan to spend more on SOAR to increase speed, reduce alerts, and better define and execute processes.

Security teams are drawn to SOAR for its limitless extensibility to support new use cases.

Top SOAR use cases today are detection and response, vulnerability prioritization, compliance checks, and security audits. In the next 12 months, SecOps teams plan to extend to cloud security, MITRE ATT&CK^® use cases, network operations and more.

Companies aren’t limiting themselves to playbooks they build themselves. In fact, 78% of incident responders expressed interest in playbooks built or certified by SOAR vendors, MSSPs and others in the security community.

See more data on current challenges, priorities and use of automation in incident response.

Download a complimentary copy of “The State of SOAR, 2020.”