Gartner Defines New Technology Class for Security Operations, Analytics and Reporting

Shannon Ragan Mar 23, 2016

As the attack surface has grown, so have the technologies built to tackle it. Unfortunately, the multitude of point solutions has in some ways complicated matters for security practitioners, creating segmented data that requires a great deal of time and resources to unite. And with networks and risks constantly in flux, all this work amounts to only a narrow and likely outdated view of an organization’s state of security.

Gartner has introduced a new technology stack for security operations, analysis and reporting dubbed “SOAR.” A security operations, analytics and reporting platform uses machine-readable and stateful security data to provide reporting, analysis and management capabilities to support operational security teams. SOAR platforms apply decision-making logic and context to provide formalized workflows and enable informed remediation prioritization. In a nutshell, they provide the intelligence that you wish you had in the original technologies.

There are three primary SOAR technology types: security incident response, security operations automation and vulnerability and threat management.

According to the report, SOAR technologies:

  • Rationalize the output of multiple security technologies.
  • Assess the risk posture of assets using vulnerability, configuration, and other operational state data in asset, business and external contexts.
  • Prioritize security operations activities.
  • Automate and enforce remediation and response workflows.
  • Deploy a technology stack composed of two or more SOAR technologies for full SOM coverage.[1]

We believe that with SOAR intelligence like that in the Skybox® Security Suite, security teams can create agile, mature programs built to match today’s fluid networks and evolving threat landscape.

Take, for instance, the announcement of a new CVSS-scored “critical” vulnerability. With new vulnerabilities discovered daily and the likely thousands waiting to be addressed in an enterprise network, it’s hard for vulnerability management teams to understand what attention to give to this particular announcement. But with Skybox SOAR-style technology, an analysis is run automatically, comprehensively and contextually across the attack surface. In the case of the Security Suite, integrated modules assess:

  • Network and threat intelligence: Is the vulnerability only applicable to certain software versions? How has it been used in the wild, if at all?
  • Network topology and security controls: Where is this vulnerability on your network? Is it already protected through existing controls?
  • Potential business impact: What’s the value of the vulnerable asset? How could a breach be contained?

Evaluating these questions across an entire attack surface will prioritize risks in asset and business context and help focus mitigation efforts where they matter most for the unique organization.

[1] Gartner Innovation Tech Insight for Security Operations, Analytics and Reporting, Oliver Rochford and Paul E. Proctor. November 11, 2015.



Shannon Ragan is the Senior Communications Manager at Skybox Security. Prior to joining Skybox, Ragan was a writer and editor in the legal and STEM fields. She has a passion for the changing world of cyber security and is a self-confessed news junkie. Ragan earned her BA in English at Webster University in St. Louis.
