The article suggests that the relevance of SOARs depends on an organization's ability to maintain dedicated engineering resources and the maturity of its incident response processes. While some organizations may benefit from outsourcing incident response tasks, others with a strong engineering culture can leverage SOARs to enhance their SOC's capabilities. SOARs can provide comprehensive control over tooling integrations and serve as a system of record for incident response, potentially increasing analyst capacity and reducing response times if implemented effectively.
Key takeaways:
- SOAR platforms were initially designed to automate manual processes in security operations centers but have been labeled obsolete by Gartner due to high costs and competing features in existing security platforms.
- The role of a SOAR engineer is becoming more prominent, as implementing and maintaining SOAR systems requires programming skills, contrary to the initial marketing of SOARs as user-friendly automation tools.
- Despite being labeled obsolete, stand-alone SOARs, especially open-source and pure-play options, continue to grow in popularity due to their flexibility and independence from specific vendors.
- Low-code SOAR platforms are expected to rise in adoption as AI-powered coding assistants enable analysts with basic coding skills to create sophisticated automations, benefiting open-source SOARs more than closed-source products.