Security Orchestration, Automation and Response (SOAR) Tools

Security Orchestration, Automation and Response (SOAR) Tools Overview

Security Orchestration, Automation and Response (SOAR) tools are software that automates security workflows or provides instructions (playbooks) for repeatable security operations tasks, so that those tasks remain consistent with policy and are executed with minimal error. To achieve this, they include or ingest information from SIEM, security operations analytics tools, and security forensic tools for post-incident analysis and process improvement. Their functionality overlaps with Incident Response Platforms, which also provide playbooks for security operations, but with an emphasis on particular rare but damaging cases (i.e. incidents) rather than recurring operations.

Security Orchestration, Automation and Response (SOAR) Products


LogRhythm NextGen SIEM Platform
The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management …
D3 Security
D3 Security in Vancouver provides a platform for security orchestration, automation, incident response, as well as investigation and case management. Core components of the D3 platform include integrations with SIEM and threat intelligence platforms, a NIST-compliant playbook library, a case managem…
IBM Resilient Security Orchestration, Automation and Response (SOAR)
IBM Security Resilient is a Security Orchestration, Automation, and Response (SOAR) platform which the vendor states is designed to help security teams respond to cyber-threats with confidence, automate with intelligence, and collaborate with consistency. It captures and codifies established incident…
ThreatConnect, from the company of the same name in Arlington, is described by the vendor as an Intelligence-Driven Security Operations Platform with both Security Orchestration Automation and Response (SOAR) and Threat Intelligence Platform (TIP) capabilities. They state ThreatConnect unites intell…
FortiSOAR (formerly Cybersponse)
CyberSponse was a security orchestration, automation and response (SOAR) solution, now known as FortiSOAR. Fortinet acquired and now supports the solution (December 2019).
DFLabs IncMan
Italian company DFLabs offers IncMan, their flagship security automation and orchestration platform emphasizing rapid incident detection, a higher proportion of incidents receiving response, and faster incident response time.
FireEye Security Orchestrator
The vendor states that security orchestration and automation helps users improve response times, reduce risk exposure and maintain process consistency across a security program. Being able to simplify security operations means being able to prioritize alerts, improve staff efficiencies and decrease respo…
Ayehu, headquartered in San Jose, helps IT and security professionals identify and resolve critical incidents, simplify complex workflows and maintain greater control over IT infrastructure through automation.
Demisto, now from Palo Alto Networks (acquired March 2019), provides orchestration to enable security teams to ingest alerts across sources and execute standardized, automatable playbooks for accelerated incident response. Demisto’s playbooks are powered by hundreds of integrations and thousands of s…
Siemplify provides a holistic security operations platform that empowers security analysts to work smarter and respond faster. Siemplify combines security orchestration and automation with contextual investigation and case management to deliver what they describe as intuitive, consistent and measura…
Exabeam Security Management Platform
Exabeam, headquartered in San Mateo, offers their SIEM platform, the Exabeam Security Management Platform. The vendor states the modular Exabeam platform allows analysts to collect unlimited log data, use behavioral analytics to detect attacks, and automate incident response. The Exabeam platform…
Swimlane, headquartered in Louisville, offers their cyber security automation, orchestration and response (SAOR) platform focusing on incident response and remediative action.
LogRhythm NetworkXDR
LogRhythm NetworkXDR is a focused NDR solution that detects advanced network-borne threats in real-time and features integrated security orchestration, automation, and response (SOAR) capabilities for investigation and response. It offers immediate value and ease of use without requiring sophisticat…
RSA NetWitness Orchestrator
RSA Security provides security orchestration and automation (SOAR) capabilities via RSA NetWitness Orchestrator. The vendor states it is supported by hundreds of preconfigured and customizable playbooks, and that RSA NetWitness Orchestrator empowers teams to collaborate, streamline and automates in…
Rapid7 InsightConnect
Rapid7 offers InsightConnect, a SOAR solution that integrates with existing solutions to orchestrate vulnerability management processes from notification to remediation, so users can ensure critical issues are being addressed with every security advisory that comes in—while leaving human decision po…
SIRP, from SIRP Labs in London, is described by the vendor as a risk-based security orchestration, automation & response (SOAR) Platform.
5th Column, headquartered in Chicago, provides the security orchestration & operations platform BOSS. They state the solution is designed to remove concerns and cyber distractions and enable users to re-focus on business objectives. The platform supports real-time threat identification, correlation, v…
ServiceNow Security Operations
Built on the Now Platform, the ServiceNow Security Operations application bundle, available in the Standard, Professional, and Enterprise bundles, supports SecOps with a security orchestration, automation and response (SOAR) platform. Higher tier plans integrating ServiceNow's own proactive vulnerabil…
Verint Cyber Security (Luminar + Verint Threat Protection System)
Verint SOC, from Verint VIC, is a security orchestration solution boasting integrated threat intelligence via Luminar, for proactive cyber defense. Verint SOC is oriented around the needs of government agencies, as well as large enterprises and communications networks.
Transposit, headquartered in San Francisco, aims to unify incident management and operations, leveraging bi-directional integrations and workflow automations to increase uptime and simplify daily life for engineering teams, supplying "human-in-the-loop" SecOps automation. Transposit’s platform keeps …
Splunk Phantom
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Phantom provides playbook automation and is available as a standalone solution.