Believe the Hype: New Gartner Report Places Automated Incident Response on the “Slope of Enlightenment” and SOAR in the “Trough of Disillusionment”

Gartner just hammered another nail into the coffin of SOAR. The just-released “Gartner IT Service Management software (ITSM) Hype Cycle” report confirms SecOps professionals are profoundly unhappy with antiquated, legacy SOAR products and vendors. In fact, it places SOAR at the very bottom of its “Trough of Disillusionment” column, meaning “the innovation does not live up to its overinflated expectations.”

According to Gartner, “SOAR requires both development and ongoing operational cycles to maintain, similar to other coding development practices” and that justifying the expense of a SOAR purchase “remains an obstacle for clients.”

In contrast, the report points to modern generative AI-based security automation as a path forward for modern enterprises. It refers to Automated Incident Response solutions, such as the Torq Hyperautomation Platform, as being on the “Slope of Enlightenment,” due to its advanced threat identification, management, and remediation capabilities, and vastly higher ongoing ROI. 

“Workflow automation tools can automate workflows that are part of processes like converting actionable alerts into incidents, opening a communications channel in instant messengers for collaboration, updating the status on a web portal in real time and one-click remediation for existing runbooks,” states the report.

It goes on to applaud modern post-SOAR automation for its unique ability to “remediate and extend incident response capabilities that can integrate with DevOps toolchains.”

Gartner further highlights other critical limitations of SOAR in the report, including:

  • High initial set up and implementation costs
  • High ongoing maintenance and support costs
  • The requirement for specialized personnel and analysts with extensive coding skills
  • Integration and interoperability issues with third-party tools and custom connectors
  • The unrealistic and inaccurate expectation that SOAR can solve all security issues as a standalone solution

In closing, Gartner recommends organizations be extremely critical about their security platform purchase decisions, advising them to “select an appropriate product based on buyer understanding and its applicable use cases, such as SOC optimization, threat monitoring and response, threat investigation and hunting, and TI management.”

Torq professionals are ready to help emancipate organizations from the limitations of SOAR and answer any questions they may have stemming from this report.

If you’re in a trough of disillusionment and ready to ditch Legacy SOAR, contact us to get a demo of Torq Hyperautomation.