Guest Column | April 26, 2021

Why SOAR-as-a-Service Is A Big Opportunity For The Channel

By Faiz Shuja, SIRP Labs

Open door opportunities (002).jpg

Cybersecurity is one of the technology markets with the biggest opportunity for growth today, as businesses invest in fortifying their remote operations against opportunity attackers. Gartner estimates that security spending grew 2.6 percent in 2020 – contrasting a fall of more than eight percent in overall IT spending.

This means cybersecurity is one of the most dependable sectors for MSPs looking to grow their market shares. Any solution that helps organizations improve their ability to reliably detect and respond to threats is especially valuable. The volume of incoming threats that security teams must deal with daily has steadily increased, so creating a more efficient response strategy is a priority.

To this end, Security Orchestration, Automation and Response (SOAR) has emerged as a highly sought-after capability, making it a valuable addition to the portfolio of any managed service provider seeking growth.

Why Is SOAR In High Demand?

Analysts have predicted the global SOAR market will reach $2.3 billion by 2025 as organizations continue to develop the maturity of their security capabilities and focus on automation. Gartner also estimates that 30 percent of enterprises with dedicated security operation centers (SOCs) will be using a SOAR by the end of 2021 – a huge leap from the roughly five percent of businesses using SOAR in 2018.

The main driver behind this growth is that SOAR integrates with multiple different security tools into a single cohesive platform, facilitating more efficient, automated security processes that are crucial to keeping up with the growing volume and pace of threats.

Research conducted by SIRP found that security professionals receive more than 800 new security alerts a day on average. While many will carry minor risks or turn out to be false positives, each one must be investigated, which can take around 15-30 minutes to complete manually. Even for the very best security analysts in the business, getting through every single one of these alerts is an impossible task. Further, manually ticking off false positives eats into time that could be better spent on more valuable strategic activity. Worse, slogging through this daily deluge can give security practitioners a serious case of alert fatigue. A burned-out SOC team is more likely to overlook high-priority threats hidden in the background noise.

A SOAR solution combats the threat of alert overload by integrating all the security tools into one platform, providing a single pane of glass to view all incoming data. This will immediately start to ease the pressure on overworked teams by making it easier for them to prioritize and saving the time wasted switching between a dozen different solution tools.

The real value of SOAR though comes from its ability to facilitate automation. With the entire security suite united under one roof, it becomes possible to develop sophisticated response playbooks that will greatly reduce the need for manual input. Many alerts can even be closed with no human intervention at all. This greatly reduces the risk of high priority threats going unnoticed, while also freeing up the team for more high-value activity.

The Advantages Of A Channel-Based Model For Selling SOAR-as-a-Service

Alongside its value as a solution to one of the most pressing security problems today, SOAR is also a strong fit for delivering as-a-service. Working with a third-party provider means an organization can access the benefits of SOAR without the heavy up-front costs needed to acquire the technology in-house. SOAR-as-a-service also means organizations will receive on-going support to ensure the use of the platform is optimized. 

SOAR shines when there is a complex array of different security solutions involved. The more tools there are to integrate into the platform, the more data that can be accessed and the more processes that can be automated. This makes it a strong addition to any MSP portfolio as it can be readily bundled and combined with other offerings to create a more valuable proposition. The use of SOAR also can help security partners to manage multiple customers, reducing their response times and helping them to meet their SLAs more easily.

There is also high demand for SOAR platforms among security vendors that offer SOC and SIEM services, creating the opportunity for strategic partnerships.

For example, SOAR works particularly well in conjunction with Security Information and Event Management (SIEM). These solutions already aggregate security logs from across the IT environment into a single place, aiding with visibility and prioritization. However, SIEM tools generally stop short of actually carrying out response activity to the threats they detect. Integrating SIEM and SOAR makes it possible to take this data and slot it into multiple automatic response playbooks.

With organizations continuing to prioritize investment in their security capabilities, there is a growing market share available for MSPs that offer high-end tools and solutions. SOAR is a valuable proposition for any security portfolio thanks to its focus on driving efficiency and the fact it works best in conjunction with multiple other security solutions. MSPs that can include SOAR in their offerings in 2021 will find strong opportunities with enterprise and security vendors alike. 

About The Author

Faiz Shuja is Co-founder and CEO of SIRP Labs.