Splunk SOAR Recognized in Forrester Now Tech: SOAR, Q2 2022 Report

The Splunk SOAR team is excited to be recognized within Forrester’s report Now Tech: Security Orchestration, Automation, And Response (SOAR), Q2 2022. Splunk SOAR is categorized within the Security Analytics Portfolio functionality segment and in the “Large” vendor market presence segment. The following post will share more on our views of the report, our position in this dynamic market landscape, and a look at what’s ahead.

Report Overview

Authored by Forrester analyst Allie Mellen and published on April 14th, 2022, the report examines 31 vendors in the SOAR market category based on the following five ‘functionality segments’:

A comparison table is provided that measures 12 critical SOAR capabilities within each of these five functionality segments (e.g. “out of the box playbooks” and “security technology integrations”). Vendors are also segmented by their estimated revenues (i.e. Large, Midsize, or Small). As noted above, Splunk SOAR was categorized within the Security Analytics Portfolio functionality segment and Large revenue segment (definitions of these segments are found within the report).

The Forrester report notes that the Security Analytics Portfolio segment “has the benefit of potentially strong integrations with other aspects of the portfolio, while also having the freedom to implement with other security analytics technologies.” We believe being categorized within the Security Analytics Portfolio segment is reflected by Splunk SOAR’s growing ecosystem of 350+ Apps that allow users to automate actions across third-party technologies, along with a tight cohesion with the broader Splunk portfolio, most importantly with the Splunk Enterprise Security (ES) platform (SIEM/Security Analytics) and Splunk Intelligence Management. Organizations clearly want a more complete set of technologies that work together to solve a broad set of challenges as opposed to siloed point solutions.

Meeting the Breadth, Depth and Speed of Your SecOps

Security operations teams are facing immense challenges, from alert overload to employee burnout, and it’s clear that SOAR can enable teams to keep up with the changing nature of adversary tactics. But with 31 different vendors named in this report by Forrester, it’s hard to know where to start the process of comparing vendor capabilities. We think Splunk SOAR stands out from the crowd for teams that require extensibility, flexibility, and speed by offering the most complete solution that integrates with other Splunk tools and your broader technology stack.

Splunk’s core DNA as a company has always been extensibility and continues to be demonstrated by our focus on partnerships - just look at the scale of the Splunk Partnerverse. We know we can’t solve every technology challenge on our own, especially when it comes to automation, which is built upon App integrations with your key technologies. We partner with your technologies in threat intelligence, endpoint security, network security, identity, vulnerability management, and many other tools.

Our continued focus is on improving your security operations by providing pre-built playbooks out-of-the-box to help security analysts get started with automation using a low-code/no-code approach. We have also advanced your Splunk SOAR user experience in a few key areas that help speed up your security operations to close the detection and response gap such as:

Looking Ahead

The Forrester Now Tech report closes with guidance for buyers that are evaluating SOAR with the advice that “planning is paramount when adopting SOAR” and provides cautions such as setting realistic expectations, defining your processes, and allocating resources. We couldn’t agree more with this guidance. Starting with a mindset of task-based automation vs. end-to-end automation will help rein in your deployment objectives by starting small. As you begin to automate the basic tasks that you perform the most often, those can then become a stamp-and-repeat process within your more complex workflows over time.

More information about all these new developments will be found at our annual user conference .Conf22. Splunk SOAR experts will be presenting on a variety of topics related to security operations and co-presenting with some of our key partners and customers. If you haven’t signed up yet, be sure to register here. The event will be held both virtually and physically in Las Vegas from June 13th to June 16th, 2022. We look forward to seeing you there!
