18 Sep GUI vs. DIY: How Ease of Use Will Shape the Future of the SOAR Market
By Tom Young, Executive Vice President of Worldwide Sales
As the SOAR market shifts from early adopters to the early majority, a familiar trend toward ease of use has emerged that’s reminiscent of the enterprise server market two decades ago.
Microsoft’s “GUI” approach drove market share growth
At the time, highly skilled, command-line savvy server admins preferred the customization and power of the “Do-it-Yourself” approach of building and configuring UNIX systems via a Command Line Interface, while the majority of enterprises eventually flocked to Microsoft’s point-and-click, “GUI” server configuration approach, which was easier to adopt because it didn’t require specialized, expensive, hard-to-find and hard-to-retain skills.
And while Linux has since taken over the enterprise server market, it was this evolution of Microsoft’s original “GUI” approach that drove growth in market share for the early and late majority of the technology adoption life cycle to eclipse, and eventually dwarf UNIX’s command line-driven “DIY” approach, which while preferred by early adopters, couldn’t capture the larger market because it required expensive, specialized, hard-to-find/retain skills.
Analyst-friendly SOAR will drive demand
The same dynamics are at play in the current Security Orchestration, Automation and Response (SOAR) market, where multiple early market entrants are appealing to early adopters that have the budgets and lots of resources to “DIY” their security orchestration and automation framework using Python programming and/or proprietary command-line syntax.
However, the average Security Analyst is not a DevOps guru and typically lacks programming skills, particularly the Python scripting necessary to configure and deploy these complicated platforms. In fact, the ability to define new customized process workflows and associated integrations via a “GUI” or adapt out-of-the-box templates without requiring users to write code or learn a command line syntax is what we believe will drive demand in the SOAR mass market.
Take a Guided Tour
Complete the form to schedule a demo of Syncurity’s award-winning IR Flow Security Operations and Incident Response Platform.
Orchestration and automation add value beyond security
While some believe that the software features of the SOAR market will eventually be absorbed by the SIEM or ITSM markets, there is a growing recognition that orchestration and automation has additional value that extends well beyond security into additional enterprise use cases. For example, core IT (e.g. Patch Management), Physical Security (e.g., facility alarm response) and other enterprise business applications (wire transfer approvals, quote to cash, etc.) promise to provide strong use cases beyond enhanced security. Some of these use cases blend the cyber and physical realms, such as the correlation of server logins with badge swipes on the server room door. These types of cross-discipline use cases will become more prevalent as the number of enterprise IoT devices grows.
Hard-to-find skills are required for DIY SOAR solutions
The MSSP market is another trend that will continue to drive GUI vs. DIY SOAR market expansion, as this market is predicted to grow 15% annually over the next three years, while the Managed Detection and Response (MDR) market is expected to grow over 30% annually in that same timeframe. Clearly, these providers must find ways to rationalize the effort required to triage their clients’ signal to noise ratio and differentiate their services by integrating the incident response process into their clients’ infrastructure vs. throwing incidents over the wall via email. This requires them to adopt SOAR platforms for integration with their clients’ different SIEMs, Security Tools and Ticketing Systems. In fact, the use of a security orchestration and automation platform is quickly becoming a “buy” criterion for MSSP customers. However, these MSSPs must also do so while maintaining margins and staff, both of which are a challenge when specialized, hard-to-find skills are required for DIY SOAR solutions.
SOAR Market Transition
Time will tell if history repeats itself in the SOAR sector of the security market, but here at Syncurity, we are seeing adoption of our GUI-driven, IR-Flow platform follow a similar IT lifecycle adoption pattern – GUI vs. DIY. We are confident that our ability to stand-up SOAR platforms faster, for less initial and on-going cost and without requiring analysts to have specialized programming or command-line skills, will be the difference in this market as it transitions from early adopters to the mass market. Do you feel the same?
White Paper: Reduce Phishing in the SOC
Ebook: Stop Drowning In Security Alerts
Addressing Analyst Fatigue In The SOC Whitepaper
Syncurity’s award-winning IR Flow Security Operations and Incident Response Platform
IR Flow Product Overview Datasheet (pdf)