The 2019 State of SOAR Report

Learn How SOAR Can Elevate Your Incident Response

Every security team has its own set of security tools, competencies, common use cases and compliance requirements. One of the few common threads that weaves through all these elements is the steps for responding to a security incident. Demisto, now part of Palo Alto Networks, sponsored a study of security professionals around the world to delve deeper into their challenges across the incident response (IR) lifecycle, the tools they use and the capabilities they feel are missing from their tool stacks.

The report uncovered some interesting trends:

  • Playbooks are on the rise. More than 50% of respondents use either automated or a mixture of automated and manual playbooks to implement IR processes.
  • Product silos persist. Roughly 50% of respondents use six or more distinct security tools for incident response.
  • It’s a team effort. Security teams must often work with IT teams (85%), NOC teams (53%) and DevOps teams (39%) for incident response.
  • There’s more than just IR. Apart from their day-to-day operations, security teams need to oversee vulnerability management (72%), compliance checks (61%) and cloud security (41%).

Check out the full report to learn more.

Understand the state of SOAR