As the market for security orchestration, automation, and response (SOAR) platforms has exploded in the past few years, many SOAR vendors have been acquired by larger technology companies. Others have stayed independent. This split has added a new factor for SOAR buyers to consider, as Gartner covered in their recent SOAR Market Guide.
It might not be obvious to you why it matters who owns your SOAR platform, but there are several implications that will affect the day-to-day effectiveness of your security operations and the value you get from your investment.
Independent, vendor-neutral, vendor-agnostic, open platform. Whatever you call it, being free from larger corporate interests has significant value. So in this article, I’ll explain the three reasons that you need an independent SOAR vendor.
The effectiveness of a SOAR platform lives and dies on the strength of its integrations. The best integrations have deep functionality and are continually updated and improved as the integrated tools evolve. This requires close collaboration between vendors, including a willingness to let the developers of the other tool take a look “under the hood” of the technology.
With an independent SOAR vendor, this is easy enough to maintain. But now consider a scenario where the SOAR vendor also makes a firewall product, for example. You, the client, use a different company’s firewall. You are counting on these two vendors to work closely together, despite being in direct competition. How likely is that?
This issue is likely to get worse over time. Most of the major SOAR acquisitions have happened in the last couple of years, so many of the platforms that were acquired still have decent integrations with their competitors’ products (because they weren’t competitors when the integrations were developed). Unfortunately, these integrations are likely to quickly deteriorate, due to conflicting interests, and not keep pace with new versions of integrated tools.
Independent SOAR vendors do one thing: make the best SOAR technology possible. A SOAR platform that is part of a larger security company is just one piece of a corporate plan that is governed by many different drivers, incentives, priorities, and stakeholders. This distinction has been clear in some of the SOAR tools that were acquired and quickly saw their technology rolled into other products or had their roadmaps deprioritized. With an independent vendor, you know exactly what you’re getting, and where their focus will be.
Working with a vendor on something as big as a SOAR implementation is a significant relationship involving interaction with the vendor’s sales reps, project managers, support team, trainers, and more. With an independent vendor, these contacts are simply trying to support your SOAR project. Sure, they might want to upsell you on some more user licenses, but that’s about it. Their goals and yours are aligned.
With a SOAR platform that is owned by a larger company, your contacts are representing the interests of the parent company. This means their incentives are not necessarily aligned with your best interests. Contacts from these vendors are much more likely to pressure you towards the other products owned by their company, such as a SIEM or endpoint protection tool. They will not be as supportive when implementing their SOAR platform into a security stack that includes tools owned by their competitors.
These are just some of the reasons that D3 has remained fiercely independent. In fact, D3 NextGen SOAR is the leading independent SOAR platform. It’s fully vendor-neutral with 300+ integrations, and more are added with every release. Our laser focus on SOAR allow us to provide the best possible value to our clients—no other agenda, no conflicts of interest.
To learn more about the value D3 SOAR can bring to your organization, check out our recent whitepaper Creating Value and ROI through D3 NextGen SOAR.