Security Orchestration, Automation and Response Solutions Reviews and Ratings
What are Security Orchestration, Automation and Response Solutions?
Security orchestration, automation and response (SOAR) solutions combine incident response, orchestration and automation, and threat intelligence (TI) management capabilities in a single platform. SOAR tools are also used to document and implement processes (also known as playbooks or workflows); support security incident management; and apply machine-based assistance to human security analysts and operators.
SOAR solutions must provide:
- Highly customizable workflow process management that enables repeatable automated tasks to be turned into playbooks that run in isolation or joined together into more sophisticated workflows.
- The ability to store (locally or in a third-party system) incident management data to support SecOps investigations.
- Manually instigated and automated triggers that augment human security analyst operators to carry out operational tasks consistently.
- A mechanism to collate and better operationalize the use of threat intelligence.
- Support for a broad range of existing security technologies that supports improved analyst efficiency and acts as an abstraction layer between the desired outcomes and the custom-made set of solutions in place in your environment.
Product Listings
PhishER is a platform for managing the high volume of potentially malicious email messages reported by users. With automatic prioritization of emails, PhishER aims to help InfoSec and Security Operations teams cut through the inbox noise and respond to the most dangerous threats more quickly. With PhishER, users are able to automate the workstream of 90% of reported emails that are not threats.
PhishER is available as a stand-alone product or as an optional add-on for KnowBe4 customers that want to automatically prioritize and manage potentially malicious messages that were reported through the KnowBe4 Phish Alert Button. PhishER Plus is an upgraded subscription level that includes all of the features from PhishER with additional enhancements and AI-validated crowdsourced data. PhishER Plus was developed to help supercharge an organization’s email security defenses.
Swimlane Turbine software is an automation platform designed to address security operations challenges by streamlining incident response and threat management processes. The software utilizes a low-code approach to enable users to automate workflows such as case management, alert triage, and threat intelligence integration. It supports scaling security automation across various environments and integrates with diverse cybersecurity tools to consolidate data and actions. Swimlane Turbine software helps organizations enhance operational efficiency by reducing manual tasks and accelerating the detection, assessment, and resolution of security events. The software aims to enable security teams to manage increasing volumes of alerts, lower response times, and optimize resource utilization in complex security infrastructures.
FortiSOAR is a security orchestration, automation, and response software designed to help organizations manage and streamline their security operations. The software enables automated response to security incidents, centralizes and standardizes processes, and integrates with multiple security tools to provide a coordinated response environment. It aids security teams in aggregating alerts, reducing response times, and prioritizing incident handling by delivering case management, threat intelligence, and workflow automation capabilities. FortiSOAR addresses the business need for more efficient security operations by allowing teams to unify and automate complex workflows, manage incidents from initial detection to resolution, and reduce manual effort in incident investigation and response.
Splunk SOAR is a software designed to automate and orchestrate security operations processes by integrating with existing security tools and workflows. It enables security teams to coordinate incident response, manage investigations, and remediate threats through customizable playbooks and integrations with a wide range of security technologies. The software facilitates case management, workflow automation, and enables users to standardize and accelerate responses to security events. It provides features for task assignment, evidence collection, and reporting, helping organizations improve the efficiency of their security operations centers. Splunk SOAR aims to reduce response times and operational overhead by automating repetitive tasks and enabling streamlined incident management.
Google Security Operations is a software that enables organizations to detect, investigate, and respond to cyber threats across their digital infrastructure. The software integrates security information and event management (SIEM) capabilities with threat intelligence, security analytics, and automation. It helps centralize security data from various sources, providing capabilities such as alert triage, incident investigation, and workflow automation to assist security teams in responding efficiently to threats. The software utilizes correlation, analysis, and visualization tools to identify malicious activity and reduce response times, helping organizations manage security operations and mitigate risks in complex IT environments.
Cortex XSOAR is a software designed for security orchestration, automation, and response. It centralizes security operations by integrating with multiple security tools and data sources to automate repetitive tasks, coordinate incident response workflows, and manage security alerts. The software provides playbooks to streamline processes such as threat intelligence management, case management, and alert triage. It supports custom integrations and workflows to accommodate a variety of security operations center use cases. By consolidating incident data and automating responses, Cortex XSOAR addresses the challenge of improving efficiency and consistency in security operations.
Tines is a software designed to automate security workflows and incident response processes for organizations. The software enables users to create and manage stories, which are automated sequences of actions that help streamline tasks such as threat detection, alert triage, and data collection. Tines integrates with various external tools and services to facilitate information sharing and automated decision-making across security operations. It aims to reduce manual effort and response times by allowing users to customize automation workflows to fit specific operational requirements, promoting consistent and repeatable responses to security events.
Torq Hyperautomation is a software designed to help organizations automate security processes and workflows across their existing technology stack. The software provides a no-code platform that enables users to create custom automated workflows to connect and orchestrate security tools, respond to incidents, and manage alerts. Torq Hyperautomation allows integration with a wide variety of security and IT systems, helping teams streamline repetitive tasks, reduce manual effort, and improve response times to security events. The software addresses challenges related to operational efficiency in security operations centers by facilitating seamless data exchange and automated policy enforcement. It is utilized for automating security playbooks and optimizing incident management processes.
Trellix ePolicy Orchestrator is a software designed to provide centralized management of security policies and systems across an organization. The software enables administrators to deploy, manage, and enforce endpoint security, compliance, and other protection measures from a unified console. It helps organizations monitor threats, automate security workflows, and ensure consistent policy enforcement throughout diverse environments. Trellix ePolicy Orchestrator supports integration with various security solutions, allowing for streamlined operations and reporting. Its core function is to address challenges associated with distributed security management, policy compliance, and timely incident response to enhance IT and data protection strategies.
BlinkOps is an agentic security operations company that enables enterprise security teams to achieve AI transformation. Our Agentic SOC, Agentic Automation, and Agentic Studio platforms, combined with AI as a Service, provide the expertise, technology, and framework needed to automate security operations at scale, keep organizations ahead of any threat, and dramatically reduce risk.
InsightConnect is a software designed to automate security operations workflows and streamline incident response processes. It facilitates integration with existing security and IT tools to orchestrate repetitive tasks, enabling security teams to reduce manual effort and improve operational efficiency. The software provides features such as automated threat detection, response actions, case management, and reporting within a centralized platform. InsightConnect supports collaboration across teams by enabling consistent and auditable workflows, helping organizations address business challenges related to security event management, incident resolution speed, and resource utilization. It is utilized to increase visibility, ensure faster remediation of security issues, and optimize operational processes within security environments.
Smart SOAR is a software designed to automate and orchestrate security operations for organizations. The software provides features such as incident response, case management, workflow automation, and comprehensive reporting. It facilitates the aggregation, normalization, and correlation of security alerts from various sources to streamline investigation and remediation processes. Smart SOAR connects with threat intelligence feeds, ticketing systems, and security tools to enable centralized management and oversight of security incidents. The software aims to enhance operational efficiency for security teams by reducing manual tasks and supporting regulatory compliance efforts, ultimately addressing challenges related to alert fatigue, response times, and process consistency within security operations centers.
ArcSight SOAR is a software designed to enhance security operations by automating and orchestrating incident response workflows. The software integrates with various security tools to collect and analyze threat data, enabling efficient case management and investigation of security incidents. ArcSight SOAR provides playbooks for response procedures, supports collaboration among security teams, and tracks the progress of incident resolutions. It aims to reduce manual tasks, standardize response processes, and improve response times for cybersecurity events. The software addresses the need for organizations to manage increasing volumes of alerts and streamline security operations center activities.
IBM Security QRadar SOAR is a software designed to help organizations manage and respond to security incidents. The software provides case management, workflow automation, and real-time collaboration tools to streamline the incident response process. It enables security teams to document, track, and prioritize incidents, as well as coordinate response efforts across different stakeholders. The software includes features for playbook automation, threat intelligence integration, and reporting, assisting organizations in reducing response times and ensuring consistent incident handling. QRadar SOAR addresses the business challenge of coordinating complex security operations and helps organizations improve their ability to investigate, mitigate, and recover from security incidents.
Imperum is an Autonomous SecOps & Investigation Platform powered by Hyperautomation that unifies detection, investigation, and response within a single pane of glass. Designed to maximize ROI, it consolidates tools, eliminates costly integrations, and enhances visibility across on-prem and cloud environments. The Casebook AI Command Center centralizes alerts, investigations, and forensic data for faster, smarter decisions, while Autonomous SOC modules handle triage, case routing, and 24/7 operations even when teams are offline. The hyperautomation engine enables drag-and-drop orchestration and autonomous playbook generation in seconds. Connector-agnostic and powered by a Domain-Specific LLM, Imperum integrates with over 500,000 endpoints and protocols beyond traditional REST APIs, removing vendor lock-in and reducing MTTD, MTTR, and MTTI. Accessible via AR SOC Glasses, Mobile App, or SOC Wall, it transforms SOCs into proactive, intelligent defense centers.
Microsoft Sentinel is a security information and event management software designed to help organizations detect, investigate, and respond to potential threats across their digital environments. The software aggregates and analyzes data from various sources such as users, applications, servers, and devices, both on-premises and in the cloud. It utilizes artificial intelligence to identify patterns and anomalies that may indicate security risks. Microsoft Sentinel provides capabilities for automated incident response, threat intelligence enrichment, and customizable dashboards for monitoring and reporting. The software aims to streamline security operations, reduce the time to investigate incidents, and support compliance with various regulatory requirements by offering integrated management and analytics tools for safeguarding enterprise assets.
ServiceNow Security Incident Response is a software that assists organizations in managing and resolving security incidents by automating critical processes such as incident identification, prioritization, and response coordination. The software integrates with existing security solutions to facilitate data collection, streamline incident triage, and ensure regulatory compliance. It provides workflows for reporting, tracking, and investigating security events, enabling teams to assess impact, contain threats, and remediate risks efficiently. The software offers dashboards and analytics for monitoring incident trends and resolution metrics, supports collaboration among security, IT, and other stakeholders, and helps businesses address the challenge of responding to increasing security threats while maintaining operational continuity.
OpenCTI is an open-source platform designed to help organizations manage their cyber threat intelligence and observables. It enables cybersecurity teams to organize, store, and operationalize threat information across technical, operational, and strategic levels.
The Anomali Platform is a software that delivers threat intelligence management and security analytics to help organizations detect, investigate, and respond to cyber threats. The software aggregates and normalizes threat intelligence from a range of open source, commercial, and information sharing sources. It enables correlation of internal security events with global threat data to identify potential compromises and security risks. The Anomali Platform supports automation workflows, customizable dashboards, and reporting tools to streamline threat intelligence operations and provide insights for security teams. The software aims to address challenges related to threat visibility, alert fatigue, and the ability to respond effectively to threats by integrating with security infrastructure and providing contextual threat analysis.
Blumira Automated Detection and Response is a security software designed to identify and mitigate threats within IT environments. The software provides automated threat detection by analyzing logs and security signals from various sources, helping organizations respond to incidents more efficiently. It integrates with common IT infrastructure, including cloud and on-premises systems, and enables early notification of potential security events. The software assists IT teams in reducing manual workloads by delivering actionable recommendations for containment and remediation of threats. Blumira Automated Detection and Response addresses the business challenge of limited security resources by streamlining incident response processes and supporting compliance requirements.
Features of Security Orchestration, Automation and Response Solutions (Transitioning to Security Information and Event Management)
Updated October 2024
Mandatory Features:
- A mechanism to collate and better operationalize the use of threat intelligence.
- The ability to store (locally or in a third-party system) incident management data to support SecOps investigations.
- Support for a broad range of existing security technologies that supports improved analyst efficiency and acts as an abstraction layer between the desired outcomes and the custom-made set of solutions in place in your environment.
- Manually instigated and automated triggers that augment human security analyst operators to carry out operational tasks consistently.
- Highly customizable workflow process management that enables repeatable automated tasks to be turned into playbooks that run in isolation or joined together into more sophisticated workflows.