Professional Documents
Culture Documents
POWERED BY
Security Orchestration,
Automation, and Response
96
Reviews
8
Products Included
POWERED BY
Contents
Info-Tech’s Data Quadrant Reports provide a comprehensive evaluation of popular products in the
Security Orchestration, Automation, and Response market. This buyer’s guide is designed to help
prospective purchasers make better decisions by leveraging the experiences of real users.
The data in this report is collected from real end users, meticulously verified for veracity,
Data Quadrant.................................................................................................................. 4 exhaustively analyzed, and visualized in easy to understand charts and graphs. Each product is
compared and contrasted with all other products in the category to create a holistic, unbiased view
Category Overview ...................................................................................................... 5 of the product landscape.
Use this report to determine which product is right for your organization. For highly detailed reports
Vendor Capability Summary................................................................................ 5 on individual products, see Info-Tech’s Product Scorecard.
Vendor Capabilities.......................................................................................................7
This report is available free of charge for internal use only to assist with software evaluation and selection. Sharing, republishing, distributing, or
Product Feature Summary.................................................................................. 19 otherwise copying any portion of this report without the express written consent of SoftwareReviews.com is strictly prohibited.
Product Features......................................................................................................... 21
© 2022 SoftwareReviews.com. All rights reserved.
2
POWERED BY
3
POWERED BY
SOFTWARE REVIEWS Assess vendor and product performance at a glance and use the SoftwareReviews
Data Quadrant
Data Quadrant to identify which products and vendors are leadings the pack and
which are trailing.
MARCH 2022
9.0
PRODUCT
INNOVATOR
LEADER
Swimlane Platform
Tines
SECURITY ORCHESTRATION,
AUTOMATION, AND
RESPONSE
IBM Security QR adar SOAR
PRODUCT FEATURES AND SATISFACTION
The Software Reviews Data Quadrant evaluates and ranks products based on feedback from IT and business professionals.
The placement of a software in the Data Quadrant indicates its relative ranking as well as its categorization.
Siemplify SOAR Platform
CHALLENGER STAR
7.3 Note: The axes ranges are dynamically adjusted based on minimum and maximum values in the dataset.
X
7.6 VENDOR EXPERIENCE AND CAPABILITIES 8.9
= Outlier
4
POWERED BY
Category Overview
This page provides a high level summary of product performance within the Security Orchestration, Automation, and Response category. Products are ranked by a composite
satisfaction score (Composite Score) that averages four different areas of evaluation: Net Emotional Footprint, Vendor Capabilities, Product Features, and Likeliness to
Recommend. The Net Emotional Footprint Score measures user emotional response ratings of the vendor (e.g. trustworthy, respectful, fair).
Use this data to get a sense of the field, and to see how the products you’re considering stack up.
RANK PRODUCT COMPOSITE SCORE NET EMOTIONAL NET EMOTIONAL VENDOR PRODUCT LIKELINESS TO NUMBER OF
FOOTPRINT FOOTPRINT DISTRIBUTION CAPABILITIES FEATURES RECOMMEND REVIEWS
5
POWERED BY
Tines 94% 93% 89% 95% 98% 91% 100% 98% 95% 95% 86% 95%
IBM Security QRadar SOAR 83% 84% 91% 89% 84% 84% 86% 80% 78% 80% 84% 77%
Swimlane Platform 83% 84% 84% 80% 83% 81% 89% 85% 80% 84% 80% 80%
Splunk SOAR 80% 84% 80% 75% 73% 82% 73% 84% 73% 80% 84% 89%
FortiSOAR 78% 75% 80% 82% 75% 85% 69% 85% 80% 75% 67% 80%
Siemplify SOAR Platform 77% 77% 75% 75% 73% 77% 75% 80% 80% 77% 75% 77%
FireEye Helix SOAR 72% 68% 80% 75% 70% 73% 78% 73% 70% 67% 70% 73%
CATEGORY AVERAGE 81% 81% 83% 82% 79% 82% 81% 83% 80% 80% 78% 82%
Cloud SOAR 78% 70% 75% 80% 75% 80% 85% 90% 80% 80% 60% 80%
6
POWERED BY
Vendor Capabilities
This table lists and briefly describes all vendor capabilities that are evaluated in the Security Orchestration, Automation, and Response software
category. For your convenience, you will also find longer descriptions of the capabilities under the capability subheadings in the subsequent pages.
The underlying purpose of software is to create value for employees, customers, partners The importance of vendor support will vary for each organization depending on internal
and ultimately shareholders. As a result, it is imperative that any software selection be capabilities, but there will always be issues that only the vendor can resolve. Use the data
aligned with the organization’s needs and deliver enough business value to justify the cost.
Vendor Support in this section to see which vendors tend to under-service their product and which will
Business Value Created The data below highlights the satisfaction level associated with the business value derived offer quality support.
from various product offerings. Use this information to identify the software that
consistently creates business value for its customers.
The ability to integrate with other systems is increasingly important; without this, manual
Ease of Data Integration data loading and extraction can be time-consuming and prone to error. Use this section to
Users prefer to work with feature rich software that enables them to perform diverse series see which vendors will cause headaches and which will make data integration easy.
of tasks as opposed to one they find restrictive. The data below highlights the satisfaction
Breadth of Features level associated with the breadth of features from various product offerings. Use this
Administrative interfaces don’t get the same attention as those built for end users, but they
information to identify which software offers valuable comprehensive functionality that
shouldn’t be clunky or unintuitive. Use the data in this section to determine which vendors
extends beyond the basic level. Ease of Administration make administration easy, so that your IT personnel can resolve issues and perform
configurations efficiently and effectively.
Feature quality is just as important as quantity. Software needs to do what you’re
purchasing it to do, easily, intuitively, reliably, and effectively. Use the data in this section to
Quality of Features gauge whether or not a product follows through on the marketing hype by delivering high
Out-of-the-box functionality often isn’t enough, especially for niche or industry-specific
software, and the reason you’re buying rather than building is to save time and money in
quality features.
Ease of Customization the first place. Don’t get bogged down in a difficult customization; use the data in this
section to make sure you can easily achieve the functionality you need for your particular
Purchasing software can be a significant commitment, so it’s important to know if your situation.
vendor is serious about the need for constant improvement and deliberate strategic
Product Strategy and Rate of direction. Vendors who don’t stay on top of emerging needs and trends won’t enable you to
Improvement Effective and readily available training enables users to get the most out of the software
meet your business goals. Use the data in this section to separate innovators from Availability and Quality of you’ve chosen. Use this section to make sure your vendor’s training programs and
imposters. Training materials measure up.
End user learning curves cost the organization money. Pay attention to your end users’
Usability And Intuitiveness technical ability to determine how important UX is in your purchase.
Choosing the right software is only the first step. Successfully implementing the new
solution is necessary in order to realize its full value and promote end user adoption. Use
Ease of Implementation the data in this section to determine which software is easy to implement, and which may
jeopardize your goals by causing trouble in this stage.
7
POWERED BY
Business Value Created The underlying purpose of software is to create value for employees, customers, partners and ultimately shareholders. As a result, it is imperative that any software selection
be aligned with the organization’s needs and deliver enough business value to justify the cost. The data below highlights the satisfaction level associated with the business
value derived from various product offerings. Use this information to identify the software that consistently creates business value for its customers.
Delights 73%
Highly
Satisfies
27%
93 %
TINES
Business Value
Created
Almost --
TOP PRODUCT
Satisfies
Disappoints --
6 FortiSOAR 75% 10
REVIEWS
8
POWERED BY
Breadth of Features Users prefer to work with feature rich software that enables them to perform diverse series of tasks as opposed to one they find restrictive. The data below highlights the
satisfaction level associated with the breadth of features from various product offerings. Use this information to identify which software offers valuable comprehensive
functionality that extends beyond the basic level.
Delights 65%
SOAR
Features
Almost --
Satisfies
TOP PRODUCT
Disappoints --
2 Tines 89% 11
REVIEWS
5 FortiSOAR 80% 10
REVIEWS
9
POWERED BY
Quality of Features Feature quality is just as important as quantity. Software needs to do what you’re purchasing it to do, easily, intuitively, reliably, and effectively. Use the data in this section to
gauge whether or not a product follows through on the marketing hype by delivering high quality features.
Delights 91%
Highly -- 95 %
TOP PRODUCT
Almost 9%
Satisfies
Disappoints --
3 FortiSOAR 82% 10
REVIEWS
10
POWERED BY
Product Strategy and Purchasing software can be a significant commitment, so it’s important to know if your vendor is serious about the need for constant improvement and deliberate strategic
Rate of Improvement
direction. Vendors who don’t stay on top of emerging needs and trends won’t enable you to meet your business goals. Use the data in this section to separate innovators from
imposters.
Delights 91%
Highly 9% 98 %
Disappoints --
4 FortiSOAR 75% 10
REVIEWS
11
POWERED BY
Usability And End user learning curves cost the organization money. Pay attention to your end users’ technical ability to determine how important UX is in your purchase.
Intuitiveness
Delights 73%
Highly
Satisfies
18%
91 %
TINES
Usability And
Intuitiveness
Almost 9%
TOP PRODUCT
Satisfies
Disappoints --
2 FortiSOAR 85% 10
REVIEWS
12
POWERED BY
Vendor Support The importance of vendor support will vary for each organization depending on internal capabilities, but there will always be issues that only the vendor can resolve. Use the
data in this section to see which vendors tend to under-service their product and which will offer quality support.
Delights 100%
Highly -- 100
TINES Satisfies
%
TOP PRODUCT Vendor Support
Almost --
Satisfies
Disappoints --
7 FortiSOAR 69% 10
REVIEWS
13
POWERED BY
Ease of Data Integration The ability to integrate with other systems is increasingly important; without this, manual data loading and extraction can be time-consuming and prone to error. Use this
section to see which vendors will cause headaches and which will make data integration easy.
Delights 91%
Highly 9% 98 %
TOP PRODUCT
Almost --
Satisfies
Disappoints --
3 FortiSOAR 85% 10
REVIEWS
14
POWERED BY
Ease of Administration Administrative interfaces don’t get the same attention as those built for end users, but they shouldn’t be clunky or unintuitive. Use the data in this section to determine which
vendors make administration easy, so that your IT personnel can resolve issues and perform configurations efficiently and effectively.
Delights 82%
Highly
Satisfies
18%
95 %
TINES
Ease of
Administration
Almost --
TOP PRODUCT
Satisfies
Disappoints --
3 FortiSOAR 80% 10
REVIEWS
15
POWERED BY
Ease of Customization Out-of-the-box functionality often isn’t enough, especially for niche or industry-specific software, and the reason you’re buying rather than building is to save time and money in
the first place. Don’t get bogged down in a difficult customization; use the data in this section to make sure you can easily achieve the functionality you need for your particular
situation.
Delights 91%
Highly -- 95 %
TOP PRODUCT
Almost 9%
Satisfies
Disappoints --
6 FortiSOAR 75% 10
REVIEWS
16
POWERED BY
Availability and Quality Effective and readily available training enables users to get the most out of the software you’ve chosen. Use this section to make sure your vendor’s training programs and
of Training
materials measure up.
Delights 64%
Highly
Satisfies
18%
86 %
TINES
Availability and
Quality of Training
Almost 18%
TOP PRODUCT
Satisfies
Disappoints --
7 FortiSOAR 67% 10
REVIEWS
17
POWERED BY
Ease of Implementation Choosing the right software is only the first step. Successfully implementing the new solution is necessary in order to realize its full value and promote end user adoption. Use
the data in this section to determine which software is easy to implement, and which may jeopardize your goals by causing trouble in this stage.
Delights 82%
Highly
Satisfies
18%
95 %
TINES
Ease of
Implementation
Almost --
TOP PRODUCT
Satisfies
Disappoints --
4 FortiSOAR 80% 10
REVIEWS
18
POWERED BY
This page summarizes user satisfaction with a variety of product features. While strong and consistent performance across the board is desirable, you may be willing to
tolerate low scores on features that don’t impact your primary use case or core objectives. Use this high-level data to help plan and structure your product evaluation.
MANAGEMENT PLAYBOOKS/
OVERALL CASE INTEGRATION AND SHARING RUNBOOKS AND
PRODUCT FEATURE MANAGEMENT DASHBOARDS FEEDBACK LOOP CAPABILITIES OF WORKFLOW
SATISFACTION
INTELLIGENCE BUILDER
Siemplify SOAR Platform 80% 81% 83% 78% 79% 80% 77%
IBM Security QRadar SOAR 79% 82% 74% 81% 80% 80% 75%
FireEye Helix SOAR 72% 70% 73% 69% 73% 80% 69%
19
POWERED BY
This page summarizes user satisfaction with a variety of product features. While strong and consistent performance across the board is desirable, you may be willing to
tolerate low scores on features that don’t impact your primary use case or core objectives. Use this high-level data to help plan and structure your product evaluation.
Swimlane Platform 83% 80% 83% 87% 80% 80% 83% 84% 84%
FortiSOAR 82% 88% 69% 86% 69% 81% 90% 80% 85%
Siemplify SOAR Platform 80% 77% 75% 77% 75% -- 75% 79% 77%
IBM Security QRadar SOAR 79% 86% 82% 80% -- -- 84% 84% 84%
FireEye Helix SOAR 72% 75% 70% 73% 70% 70% 70% 70% 85%
Splunk SOAR 71% 72% 81% 64% 56% 59% 72% 72% 72%
CATEGORY AVERAGE 80% 82% 80% 80% 74% 74% 82% 81% 83%
Cloud SOAR 83% 70% 70% 80% 75% -- 80% 80% 75%
20
POWERED BY
Product Features
This table lists and describes all the features that are evaluated in the Security Orchestration, Automation, and Response software category. For your
convenience, these descriptions are repeated under the feature subheadings in the subsequent pages.
Mandatory Features Flexible playbooks to support integration workflows and REST API to allow flexibility in
Integration Capabilities integration development.
The solution provides the ability to create, manage, annotate, route and close service
Case Management (or other cases). Claims resolution tracking.
The ability to heavily leverage a REST API and represent data in a way that can be
Management and Sharing of shared among multiple teams and tools. STIX/TAXII support.
Create multiple, custom dashboards tailored to different teams. Intelligence
Dashboards
Solution should enable playbook and workflow creation and modification using simple
Leverage the feedback loop to enable faster, more accurate actions as you anticipate Playbooks/Runbooks and Workflow techniques—such as drag-and-drop interfaces.
Feedback Loop and thwart a threat actor’s next move. Builder
Standard Features Extensible storage to meet growing needs. The ability to link documents and artifacts
Document & Artifact Storage to relevant intelligence or other information.
Eliminate the burden of manually analyzing and remediating the growing volume of
Automated Phishing Handling phishing emails.
Support how an organization plans, manages, tracks and coordinates the response to
Integration with IR Management a security incident.
Enable the organization to create use cases that may be proprietary to the
Capable of Use Case Development organizations circumstances or environment.
Ability to prioritize mission-critical playbooks. Performance easily monitored from
Orchestrate & Automate central location with no execution limits and additional servers as needed.
Ground truth telemetry from other analysts around the globe is provided anonymously
Collective Analytics Layer and automatically.
Allows multiple users to comment on, mark-up, annotate, or edit a document. Provides
Team Collaboration team sites, workspaces or other landing areas that enhance productivity.
Flexible data model that supports bespoke indicators. Associations can be formed
Data Model between different objects, e.g. between threat actors and their capabililities.
21
POWERED BY
Case Management Mandatory Feature The solution provides the ability to create, manage, annotate, route and close service (or other cases). Claims resolution tracking.
Delights 83%
Highly
Satisfies
17%
96 %
TINES
Case Management
TOP PRODUCT
Almost --
Satisfies
Disappoints --
5 FortiSOAR 81% 10
REVIEWS
22
POWERED BY
Dashboards Mandatory Feature Create multiple, custom dashboards tailored to different teams.
Delights 50%
SWIMLANE
Highly
Satisfies
40%
85 %
Dashboards
PLATFORM Almost
Satisfies
10%
TOP PRODUCT
Disappoints --
3 FortiSOAR 83% 10
REVIEWS
7 Tines 63% 11
REVIEWS
23
POWERED BY
Feedback Loop Mandatory Feature Leverage the feedback loop to enable faster, more accurate actions as you anticipate and thwart a threat actor’s next move.
Delights 82%
Highly
Satisfies
18%
95 %
TINES
Feedback Loop
TOP PRODUCT
Almost --
Satisfies
Disappoints --
4 FortiSOAR 79% 10
REVIEWS
24
POWERED BY
Integration Capabilities Mandatory Feature Flexible playbooks to support integration workflows and REST API to allow flexibility in integration development.
Delights 91%
Highly
Satisfies
9%
98 %
TINES
Integration
Capabilities
TOP PRODUCT
Almost --
Satisfies
Disappoints --
5 FortiSOAR 78% 10
REVIEWS
25
POWERED BY
Management and Sharing of Mandatory Feature The ability to heavily leverage a REST API and represent data in a way that can be shared among multiple teams and tools. STIX/TAXII support.
Intelligence
Delights 56%
Highly
Satisfies
33%
86 %
TINES
Management and
Sharing of
TOP PRODUCT
Almost 11% Intelligence
Satisfies
Disappoints --
2 FortiSOAR 83% 10
REVIEWS
26
POWERED BY
Playbooks/Runbooks and Mandatory Feature Solution should enable playbook and workflow creation and modification using simple techniques—such as drag-and-drop interfaces.
Workflow Builder
Delights 91%
Highly
Satisfies
9%
98 %
TINES
Playbooks/
Runbooks and
TOP PRODUCT
Almost -- Workflow Builder
Satisfies
Disappoints --
2 FortiSOAR 91% 10
REVIEWS
27
POWERED BY
Automated Phishing Handling Standard Feature Eliminate the burden of manually analyzing and remediating the growing volume of phishing emails.
Delights 88%
Highly
Satisfies
13%
97 %
TINES
Automated
Phishing Handling
TOP PRODUCT
Almost --
Satisfies
Disappoints --
2 FortiSOAR 88% 10
REVIEWS
28
POWERED BY
Capable of Use Case Development Standard Feature Enable the organization to create use cases that may be proprietary to the organizations circumstances or environment.
Delights 91%
Highly
Satisfies
9%
98 %
TINES
Capable of Use
Case Development
TOP PRODUCT
Almost --
Satisfies
Disappoints --
7 FortiSOAR 69% 10
REVIEWS
29
POWERED BY
Collective Analytics Layer Standard Feature Ground truth telemetry from other analysts around the globe is provided anonymously and automatically.
Delights 75%
Highly
Satisfies
13%
91 %
TINES
Collective
Analytics Layer
TOP PRODUCT
Almost 13%
Satisfies
Disappoints --
3 FortiSOAR 86% 10
REVIEWS
30
POWERED BY
Data Model Standard Feature Flexible data model that supports bespoke indicators. Associations can be formed between different objects, e.g. between threat actors and their capabililities.
Delights 88%
Highly
Satisfies
--
94 %
TINES
Data Model
TOP PRODUCT
Almost 13%
Satisfies
Disappoints --
5 FortiSOAR 69% 10
REVIEWS
31
POWERED BY
Document & Artifact Storage Standard Feature Extensible storage to meet growing needs. The ability to link documents and artifacts to relevant intelligence or other information.
Delights 50%
Highly
Satisfies
25%
81 %
FORTISOAR
Document &
Artifact Storage
TOP PRODUCT
Almost 25%
Satisfies
Disappoints --
3 Tines 79% 11
REVIEWS
32
POWERED BY
Integration with IR Management Standard Feature Support how an organization plans, manages, tracks and coordinates the response to a security incident.
Delights 90%
Highly
Satisfies
10%
98 %
TINES
Integration with IR
Management
TOP PRODUCT
Almost --
Satisfies
Disappoints --
2 FortiSOAR 90% 10
REVIEWS
33
POWERED BY
Orchestrate & Automate Standard Feature Ability to prioritize mission-critical playbooks. Performance easily monitored from central location with no execution limits and additional servers as needed.
Delights 91%
Highly
Satisfies
9%
98 %
TINES
Orchestrate &
Automate
TOP PRODUCT
Almost --
Satisfies
Disappoints --
4 FortiSOAR 80% 10
REVIEWS
34
POWERED BY
Team Collaboration Standard Feature Allows multiple users to comment on, mark-up, annotate, or edit a document. Provides team sites, workspaces or other landing areas that enhance productivity.
Delights 80%
Highly
Satisfies
10%
93 %
TINES
Team
Collaboration
TOP PRODUCT
Almost 10%
Satisfies
Disappoints --
2 FortiSOAR 85% 10
REVIEWS
35