XSOAR Comes Up as the Leader in SOAR Comparisons

Nov 29, 2023
5 minutes

Reviews in the Modern Age

Reviews have become an integral part of our decision-making processes. From choosing gadgets and cars to selecting a trendy restaurant, we heavily rely on reviews in both our personal and professional lives. However, when it comes to the cybersecurity space, transparent reviews are somewhat scarce.

For those seeking opinions in the cyber realm, platforms like Reddit often serve as a go-to source. Tools such as the common SIEMs have robust communities, offering glimpses into everyday user experiences. For niche tools, like SOAR, platforms like Gartner Peer Insights play a role in providing end-user reviews. But, having been enticed by offers like "leave a review and get a free gift card," I can't help but feel that marketing influences still taint some of these reviews. This brings us to the crux of this blog: analyst reviews and market quadrants.

Dissecting Analyst Reports

The summer of 2023 saw the release of three different SOAR market guides from KuppingerCole, Knowledge Quadrant, and GigaOm. Not exactly names being thrown around the C-suite like Gartner or Forrester, but these analyst firms make a good attempt at providing some guidance for a hard-to-understand market. Breaking down the methodology of these different firms is a job in itself, and to make examining the reports more difficult, the results were all over the place.

Over 20 different SOAR companies were mentioned in the different reports, but only eight tools in total appeared across all three market evaluations. Furthermore, each firm gave wildly different perspectives on the SOAR market. For example, KuppingerCole had IBM SOAR (formerly known as Resilient) tied for first place as a market leader with Cortex XSOAR. GigaOm counted XSOAR as a leader and IBM as a challenger and forward mover, but very far from a market leader, with at least ten other tools “ahead” in their SOAR Radar.

Interestingly, vendors have the prerogative to opt out post-results, potentially explaining discrepancies like Securonix's top position in 2022 (according to GigaOm) but its absence in 2023. These fluctuating rankings can be perplexing to readers. However, from the chaos, one trend emerged, best visualized by an aggregate score graph of the eight commonly featured SOAR tools. This graph was created by taking the aggregate scores of the eight SOAR tools that appeared in all three analyst reports and placing them on a scale of 1-8. For example, QRadar scored high on one evaluation but performed poorly across the other two, earning a net score of 13. Another great example is Swimlane, which received a healthy review in the Knowledge Solutions report but was hardly middle of the pack everywhere else.

Figure: XSOAR was the leader across all analyst reports, gaining a score of 24.


From this chart we can see one trend:

1. Cortex XSOAR's Dominance: Regardless of the evaluation rubric, XSOAR consistently emerged as a market leader.

I have personally used no less than seven SOAR tools in my career. The following comments are based on my hands-on experience with the majority of SOAR tools in the market. At their core, all SOAR tools aim to orchestrate people, processes, and data. Yet, a proficient SOAR tool doesn’t just offer features—it reduces the workload for security analysts. Here’s how XSOAR stands out:

- Enterprise Ready: XSOAR provides a seamless user experience, akin to products by design-centric companies like Google or Apple. Even if other competitors technically have similar features, the lack of an easy-to-use interface relegates them to becoming shelfware.

- Content Over Integrations: While many SOAR vendors tout integrations, XSOAR emphasizes content by bundling integrations with playbooks, widgets, scripts, automations, and dashboards into content packs. This holistic approach to end-to-end incident lifecycle management not only ensures interaction with your existing tech stack but significantly reduces internal development, offering nearly turnkey solutions that are maintained and updated regularly.

- Ease of Use Features: XSOAR leverages many intuitive features, from auto-looping and AI data mapping to turnkey threat intel output. These are things that may seem small on paper but once you see them in action (especially versus other tools) will have you saying “wow that's smart.”

In Conclusion

While it's difficult to know which report takes the right approach to testing, it is helpful to look at the aggregate rather than a single source to grasp the market dynamics. If you are so inclined, check out the findings of KuppingerCole, GigaOm, or Knowledge Solutions, but it is worth knowing that the three reports are not designed to be compared (for example, only eight of the 20 SOAR tools tested appeared on all three).

However, in spite of the differences and contradictions, these reports can provide initial insights into the different SOAR solutions you are evaluating. It goes without saying that the proof is in the pudding - in order to properly evaluate if Cortex XSOAR can meet your needs, you need some hands-on experience with the platform.

To learn more about Cortex XSOAR, we recommend you attend one of our free hands-on workshops, and you can explore the breadth of our out-of-the-box automations available via the Cortex Marketplace. We also have a free Community Edition that you can test drive yourself.

