Confessions of Security Analysts

Ask a group of security analysts about the challenges of working in cybersecurity, and you’ll likely hear some common themes:

  • A shortage of skilled cybersecurity talent
  • Too many security alerts each day
  • Too many security point-products to manage
  • Lack of interoperability between those products
  • Inability to scale security operations over time
  • Increasing costs, shrinking budgets
  • Increasing sophistication of malware
  • Slow speed of threat detection and response

In light of these challenges, it’s no wonder that security teams feel perpetually overwhelmed. They’re clamoring for new ways to streamline their security operations in order to stay on top of security alerts, increase the speed of detection and response, and do more with less.

Many teams have turned to Security Orchestration, Automation, and Response (SOAR) tools as a remedy. A SOAR tool can orchestrate security actions (like investigations, triage, response) across various security products in a team’s arsenal, and automate otherwise manual repetitive security tasks. 

In a recent study, analyst firm Enterprise Management Associates (EMA) spoke with over 250 IT and Security professionals across North America about their use of SOAR tools. The findings confirmed that SOAR tools truly make a difference. 

Efficiency and Productivity Improvements with SOAR

Teams that used a SOAR tool identified an average efficiency (amount of input vs output) improvement of 48%. In productivity (output over time), gains were similar at about 53%. Given that 64% of security tickets generated per day are not being worked due to lack of manpower and automation, this level of efficiency and productivity gain could make a huge impact and drastically reduce security risks. 

SOAR and Staffing

An overwhelming 97% of respondents in the study said that a SOAR tool allowed increased workload while maintaining the same number of staff members. In fact, just over 65% of respondents said their perception of personnel performance increased by at least one level. On average, 15% of participants said they felt personnel performed at two levels higher. Most importantly, 23% of senior management felt their personnel were performing at least two levels higher.

Return on Investment (ROI) with SOAR

How fast can a SOAR tool start paying dividends? Really fast. Sixty-four percent of study respondents indicated ROI was achieved for them in 12 months or less. Seventeen percent said they achieved return on investment with SOAR in 6 months or less.

View the Summary Report of EMA’s research in our "Confessions of Security Professionals on Security Orchestration, Automation, and Response (SOAR) Tools" report.

SOAR tools allow security analysts to work smarter and respond faster. Can a SOAR tool make a difference for your security team?

Posted by John Dominguez

John Dominguez is a product marketer in the Security Markets Group at Splunk. With over 8 years of experience in the networking and security industry, John is currently focused on the Security Orchestration, Automation, and Response (SOAR) marketplace. In his role, John is responsible for messaging and positioning, marketing strategy, content creation, and product evangelism for Splunk Phantom. In his previous role in Cisco’s Security Business Group, he marketed Cisco’s Next-Generation Firewall and Cisco Advanced Malware Protection (AMP for Endpoints, AMP for Networks). John has an MBA in Marketing and Strategy from the University of Michigan, and a BA in Economics and Government from Dartmouth College.