We’re excited to announce that D3 Security has been named as a Sample Vendor in the SOAR (Security Orchestration, Automation and Response) category in Gartner’s latest Hype Cycle for Security Operations 2022 report. There are many SOAR vendors these days, so we’re pleased to see that D3 Security is consistently included on Gartner’s nonexhaustive lists. If you’re a cybersecurity leader or planner, download the report, courtesy of D3 Security, to learn the upsides and downsides of leading cybersecurity technologies. The report provides strategic advice to security leaders on which technologies they should consider budgeting to deliver effective incident response and remediation.
Technologies covered in this year’s report include:
- Automated Penetration Test and Red Teaming Tool
- Breach and Attack Simulation
- Cyber Asset Attack Surface Management (CAASM)
- Cloud Access Security Broker (CASB) 🆕
- Cyber-Physical Systems 🆕
- Cybersecurity Mesh Architecture 🆕
- Data Discovery and Management
- Digital Forensics and Incident Response
- Digital Risk Protection Services
- Endpoint Detection and Response
- External Attack Surface Management
- Exposure Management 🆕
- Identity Threat Detection and Response (ITDR) 🆕
- Managed Security Information and Event Management (SIEM) Services
- Managed Detection and Response (MDR) Services
- Network Detection and Response (NDR)
- OT (Operational Technology) Security
- Penetration Testing as a Service (PTaaS)
- Threat Intelligence Products and Services
- Vulnerability Assessment
- Vulnerability Prioritization Technology
- Extended Detection and Response (XDR)
Gartner’s Hype Cycle, Explained
The Gartner Hype Cycle is a way of visualizing the different stages of adoption for any new technology. It has been used by Gartner analysts to forecast future technology trends for more than 25 years. Represented in a line graph with two axes – X representing time and Y representing expectations – the Hype Cycle assumes that every technology innovation will go through periods of over-optimism, disillusionment, and eventual productivity. Gartner’s Hype Cycle divides technologies into five stages: Innovation Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, and Plateau of Productivity.
Technology innovations do not progress through the graph at the same pace, which is why Gartner assigns a color-coded dot to each technology to estimate how long it will take to reach the Plateau of Productivity. An insightful 20-year, spreadsheet-driven analysis of the Gartner Hype Cycle by Michael Mullany, GP at Icon Ventures, reveals that only a handful of technologies predictably traveled through the Hype Cycle. At least 50 technology trends were a flash in the pan, appearing for a single year, only to disappear. Some, like intelligent agents (aka chatbots) and speech recognition, required breakthroughs in deep learning and nearly two decades to reach the Plateau of Productivity. The takeaway here is that predicting the future is hard, and even the best in the business can get it wrong from time to time.
Why SOAR gets a “High” Benefit Rating
Gartner also assigns all the technologies in the Hype Cycle a Benefit Rating – Low, Moderate, High, or Transformational. SOAR gets a “High” Benefit Rating, which we believe it deserves for its ability to eliminate time spent on repetitive, manual tasks. SOAR is a must-have for security teams looking to mitigate the cybersecurity talent crunch, retain talent, and improve SOC productivity.
Read: What is a SOAR Playbook?
SOAR playbooks allow SOC resources to be upskilled and perform tasks as judiciously as the most skilled and experienced person on your team. Security orchestration also reduces the chances of errors that inevitably creep in when incident response workflows are executed manually. Alert enrichment is one of the best use cases for SOAR. The ability to reduce false positives and overall alert volume, and to prioritize alerts, helps bring dramatic improvements to your overall security posture. SOAR has plenty of compelling use cases, including phishing, ransomware, and vulnerability management, to name a few.
With NextGen SOAR, we believe our innovations kick the benefits up a notch to transformational. This includes the Event Pipeline, our global event playbook, which brings hyperautomation capabilities to your SOC. The Event Pipeline processes every security alert ingested into NextGen SOAR through a three-stage process. It starts with Data Normalization, where key event fields and artifacts are extracted and mapped from the raw alert data. Next, in the Triage phase, the normalized events are deduplicated and enriched with threat intelligence, CMDB information, and correlations across your security stack. Finally, in the Auto-Dismissal and Escalation phase, false-positive checks can be set as rules to filter and then auto-close false-positive events. The rest of the events are escalated to incident status to kick off response actions and assign analysts. The Event Pipeline’s multitenancy support makes it ideal for multinational companies and MSSPs.
Our no-code SOAR playbooks provide convenience and abilities not found in other SOAR platforms. NextGen SOAR ships with a library of out-of-the-box playbooks, hundreds of utility commands, testing capabilities, version control, role-based access, and nested playbooks for improved usability and maintainability. The playbooks are also optimized for fast runtime by processing tasks in parallel.
From The Trough of Disillusionment To The Plateau of Productivity
Gartner’s latest Hype Cycle for SecOps report positions SOAR technology in the Trough of Disillusionment. As we’re deep in the trenches of building SOAR technology, we’re aware that there are a lot of SOAR products out there that are not meeting expectations. In fact, about 40% of new customers are companies that switched from a SOAR product to NextGen SOAR. Thanks to our innovations like the Event Pipeline, no-code playbooks, and our 500+ vendor-agnostic integrations, many of our clients are saving thousands of SOC time through automation. Eliminating some of the most tedious aspects of the incident response process reduces overall stress in the SOC. Our SOAR Replacement program helps you migrate your existing playbooks, scripts, and case data. Don’t be stuck with a SOAR tool that leaves you in the Trough of Disillusionment. Sign up for a demo to learn how we can help your SOC soar to the Plateau of Productivity.